CVE-2017-0218 — Resource Exposure in Corporation Microsoft Windows
Severity
5.3MEDIUMNVD
EPSS
2.0%
top 16.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 15
Latest updateMay 13
Description
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4
Affected Packages9 packages
▶CVEListV5microsoft_corporation/microsoft_windowsMicrosoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016.
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-476g-vv5c-32cp: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerabil↗2022-05-13
GHSA▶
GHSA-3p2f-6gxq-2j9p: Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Gua↗2022-05-13
GHSA▶
GHSA-ffhm-frg4-m7jm: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerabil↗2022-05-13
GHSA▶
GHSA-xcx2-x6f7-987c: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allo↗2022-05-13
GHSA▶
GHSA-cpr6-g96h-73qr: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allo↗2022-05-13