CVE-2017-11823
Published 2017-10-13
Priority P433 · medium · 6.7 · CVSS 3.0
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.56% (83.1th percentile)
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft_corporation | device_guard | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
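| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.7 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | | 6.3 | MEDIUM | |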
GHSA
GHSA-g3f2-7wv6-4cx5
ghsa_unreviewed·2022-05-13
CVE-2017-11823 [HIGH] CWE-362
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
Microsoft
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
vendor_msrc·2017-10-10·CVSS 6.3
CVE-2017-11823 [MEDIUM] Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.
To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy.
The update addresses the vulnerability by correcting how PowerShell exposes functions and
No detection rules found.
http://www.securityfocus.com/bid/101102
http://www.securitytracker.com/id/1039526
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823
https://www.exploit-db.com/exploits/42997/