PT-2017-18445 · Microsoft · Device Guard+3
Enigma0X3
+3
·
Published
2017-08-08
·
Updated
2023-10-25
·
CVE-2017-8625
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Internet Explorer versions in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
Description
A security issue exists due to Internet Explorer failing to validate User Mode Code Integrity (UMCI) policies, allowing an attacker to bypass Device Guard UMCI policies.
Recommendations
For Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, update Internet Explorer to a version that properly validates UMCI policies to prevent bypassing Device Guard policies.
Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Device Guard
Internet Explorer
Windows 10
Windows Server 2016