CVE-2017-11899
published 2017-12-12
Priority P351 · critical · 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.84% (92.2th percentile)
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft_corporation | device_guard | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_version_1709 | — | — |
CVSS provenance
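| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 7.5 | HIGH | — |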
GHSA
GHSA-pjx3-hgc4-c4pr: Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerabil
ghsa_unreviewed·2022-05-13
Microsoft
Device Guard Security Feature Bypass Vulnerability
vendor_msrc·2017-12-12·CVSS 7.5
Description: A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard could then allow a malicious file to execute.
In an attack scenario, an attacker could make an untrusted file appear to be a trusted file.
The update addresses the vulnerability by correcting how Device Guard handles untrusted files.
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Relea
No detection rules found.
No public exploits indexed.
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates
blogs_trendmicro·2017-12-13·CVSS 9.8
Exploits & Vulnerabilities
It was a relatively low-key year-ender for Microsoft’s Patch Tuesday, as the company’s monthly release of updates was relatively light in terms of noteworthy vulnerabilities. There were only a few notable vulnerabilities that were addressed.
By: Trend Micro, Dec 13, 2017
It was a relatively low-key year-ender for Microsoft’s Patch Tuesday, as the company’s monthly release of updates was relatively light in terms of noteworthy vulnerabilities. With that said, there were still a few notable vulnerabilities that were addressed. Perhaps the most significant of these were CVE-2017-11937 and CVE-2017-11940, two remote code execution vulnerabilities concerning the Microsoft Malware
Talos
Microsoft Patch Tuesday - December 2017
blogs_talos·2017-12-12·CVSS 7.5
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 34 new vulnerabilities with 21 of them rated critical and 13 of them rated important. These vulnerabilities impact Edge, Exchange, Internet Explorer, Office, Scripting Engine, Windows, and more.
In addition to the 33 vulnerabilities addressed, Microsoft has also released an update for Microsoft Office which improves security by disabling the Dynamic Data Exchange (DDE) protocol. This update is detailed in ADV170021 and impacts all supported versions of Office. Organizations who are unable to install this update should consult the advisory for workarounds that help mitigate DDE exploitation attempts.
http://www.securityfocus.com/bid/102077
http://www.securitytracker.com/id/1039992
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11899