Important CVSS 4.3 2018-06 archive

Executive Summary

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Internet Explorer handles MOTW tagging.

Overview

4.3
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Security Feature Bypass
Released Jun 12 2018
Last Updated Jun 12 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

CVSS Vector

ATTACK VECTOR
Network
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
None
USER INTERACTION
Required
SCOPE
Unchanged
CONFIDENTIALITY
Low
INTEGRITY
None
AVAILABILITY
None
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 3.9

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

6 affected products
Product KB Article Severity Impact Restart Required
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4284874 (Security Update) Important Security Feature Bypass Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4284874 (Security Update) Important Security Feature Bypass Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4284819 (Security Update) Important Security Feature Bypass Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4284819 (Security Update) Important Security Feature Bypass Yes
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems 4284835 (Security Update) Important Security Feature Bypass Yes
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems 4284835 (Security Update) Important Security Feature Bypass Yes

Patches

3 patches
Article Type Restart
4284874 Security Update Yes
4284819 Security Update Yes
4284835 Security Update Yes

Known Exploits

Acknowledgments