CVE-2017-8625
published 2017-08-08


Priority: P351, high, 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 15.26% (96.4th percentile)
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | | |
| microsoft_corporation | internet_explorer | | |
| msrc | internet_explorer_11_on_windows_10_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1511_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_32-bit_systems | | |
| msrc | internet_explorer_11_on_windows_10_version_1607_for_x64-based_systems | | |
| msrc | internet_explorer_11_on_windows_server_2016 | | |

Detection & IOCs (extracted from sources)

  • Exploit vector: user visits a malicious website OR attacker runs a specially crafted application locally to bypass Device Guard UMCI policies in Internet Explorer 11
  • The bypass allows execution of unsigned code as if signed by a trusted source — monitor for unsigned binaries executing under Internet Explorer process context on systems with Device Guard / UMCI enabled
  • Affected scope: Internet Explorer 11 on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016 — scope detection/alerting to these platform/browser combinations
  • Exploit status at time of patching: publicly disclosed = No, actively exploited = No, exploitation rated 'Less Likely' for latest software release; prioritize patching, but active in-the-wild exploitation was not confirmed at disclosure
  • Remediation patches available via Windows Update catalog: KB4034658, KB4034668, KB4034660; absence of these KBs (or of a later cumulative update that supersedes them) on affected systems indicates unpatched exposure

CVSS provenance

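| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_msrc | | 5.3 | MEDIUM | |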