PT-2020-3927 · Microsoft+1 · Windows Defender Application Control+3

Published: 2020-09-08 · Updated: 2025-09-04 · CVE-2020-0951
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Windows Defender Application Control (WDAC) (affected versions not specified)
Description: A security feature bypass issue exists in Windows Defender Application Control (WDAC), allowing an attacker to bypass WDAC enforcement and execute arbitrary code by sending commands to a PowerShell session. To exploit this issue, an attacker needs administrator access on a local machine where PowerShell is running. The vulnerability is related to errors in validating PowerShell commands.
Recommendations: To resolve the issue, apply the update that corrects how PowerShell commands are validated when WDAC protection is enabled. As a temporary workaround, consider restricting access to PowerShell sessions to minimize the risk of exploitation. Avoid using PowerShell commands that could be used to execute arbitrary code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1272
ALT-PU-2022-1360
BDU:2020-04320
BIT-POWERSHELL-2020-0951
CVE-2020-0951

Affected Products

Alt Linux
Powershell
Windows
Windows Defender Application Control