Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11830Time-of-check Time-of-use (TOCTOU) Race Condition in Corporation Device Guard

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition9 documents6 sources
Severity
5.3MEDIUMNVD
EPSS
1.2%
top 21.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
15
Microsoft Corporation Device GuardMicrosoft Windows 10Microsoft Windows Server+12 more
Timeline
PublishedNov 15
Latest updateMay 13

Description

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages15 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-39hh-f7r8-595f: Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsig2022-05-13

💥Exploits & PoCs

3
Exploit-DB
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU2018-09-19
Exploit-DB
Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix2018-04-16
Exploit-DB
Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass2017-11-20

📋Vendor Advisories

1
Microsoft
Device Guard Security Feature Bypass Vulnerability2017-11-14

🕵️Threat Intelligence

3
Qualys
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update2017-11-14
Talos
Microsoft Patch Tuesday - November 20172017-11-14
Qualys
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update | Qualys2017-11-14
CVE-2017-11830 — Corporation Device Guard vulnerability | cvebase