Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-8449Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft Windows 10

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition6 documents6 sources
Severity
3.3LOWNVD
EPSS
0.7%
top 28.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft Windows 10Microsoft Windows 10 ServersMicrosoft Windows Server 2016
Timeline
PublishedSep 13
Latest updateMay 13

Description

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1
CVEListV5microsoft/windows_server_2016(Server Core installation)
NVDmicrosoft/windows1709, 1803+1
CVEListV5microsoft/windows_1010 versions+9
NVDmicrosoft/windows_104 versions+3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-pf35-ch3j-qpg8: A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability2022-05-13
Project0
Injecting Code into Windows Protected Processes using COM - Part 1 - Project Zero2018-10-01
CVEList
CVE-2018-8449: A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability2018-09-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU2018-09-19

📋Vendor Advisories

1
Microsoft
Device Guard Security Feature Bypass Vulnerability2018-09-11
CVE-2018-8449 — Microsoft Windows 10 vulnerability | cvebase