CVE-2017-11899Corporation Device Guard vulnerability

10 documents5 sources
Severity
9.8CRITICALNVD
EPSS
20.2%
top 4.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Microsoft Corporation Device GuardMicrosoft Windows 10Microsoft Windows Server 2016+12 more
Timeline
PublishedDec 12
Latest updateMay 13

Description

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages15 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-pjx3-hgc4-c4pr: Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerabil2022-05-13

📋Vendor Advisories

1
Microsoft
Device Guard Security Feature Bypass Vulnerability2017-12-12

🕵️Threat Intelligence

7
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
Trendmicro
December Patch Tuesday: MMPE Vulnerability Updates2017-12-13
CVE-2017-11899 — Corporation Device Guard vulnerability | cvebase