Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11823 — Race Condition in Corporation Device Guard

CWE-362 — Race Condition5 documents5 sources

Severity

6.7MEDIUMNVD

EPSS

3.4%

top 12.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Device Guard Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +8 more

Timeline

PublishedOct 13

Latest updateMay 13

Description

The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages11 packages

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶msrcmsrc/windows_server_2016

▶CVEListV5microsoft_corporation/device_guardWindows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g3f2-7wv6-4cx5: The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass↗2017-10-17

▶

📋Vendor Advisories

Microsoft

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability↗2017-10-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - October 2017↗2017-10-10

▶