PT-2018-9864 · Microsoft · .Net Framework

James Forshaw

Published

2018-05-08

Updated

2019-10-03

CVE-2018-1039

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 2.0 through 4.7.1

Description: A security feature bypass issue exists that could allow an attacker to bypass Device Guard. This could enable an attacker to circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit this issue, an attacker would first have to access the local machine.

Recommendations: For Microsoft .NET Framework versions 2.0 through 4.7.1, update to a version that includes the fix for this security feature bypass issue to prevent attackers from bypassing Device Guard.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-1039

Affected Products

.Net Framework

PT-2018-9864 · Microsoft · .Net Framework

CVE-2018-1039

Related Identifiers

Affected Products

References · 6