CVE-2018-8492 — Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Executive Summary
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.
Overview
CVSS Vector
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Windows 10 Version 1607 for 32-bit Systems | 4462917 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1607 for x64-based Systems | 4462917 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1703 for 32-bit Systems | 4462937 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1703 for x64-based Systems | 4462937 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1709 for 32-bit Systems | 4462918 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1709 for x64-based Systems | 4462918 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 4462919 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1803 for x64-based Systems | 4462919 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 4464330 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows 10 Version 1809 for x64-based Systems | 4464330 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows Server 2016 | 4462917 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows Server 2016 (Server Core installation) | 4462917 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows Server 2019 | 4464330 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows Server 2019 (Server Core installation) | 4464330 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows Server, version 1709 (Server Core Installation) | 4462918 (Security Update) |
Important | Security Feature Bypass | Yes |
| Windows Server, version 1803 (Server Core Installation) | 4462919 (Security Update) |
Important | Security Feature Bypass | Yes |
Patches
| Article | Type | Restart |
|---|---|---|
4462917 |
Security Update | Yes |
4462937 |
Security Update | Yes |
4462918 |
Security Update | Yes |
4462919 |
Security Update | Yes |
4464330 |
Security Update | Yes |
Known Exploits
Acknowledgments
Jimmy Bayne ( @bohops