CVE-2017-11823
medium
CVSS v3
6.7
CVSS v2
7.2
VIR risk
6.7
Description
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
Predictions
Exploit likelihood
66%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@microsoft.com — https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | - | affected | |
| windows | 1511 | affected | |
| windows | 1607 | affected | |
| windows | 1703 | affected | |
| windows | affected | |
References
- http://www.securityfocus.com/bid/101102
- http://www.securitytracker.com/id/1039526
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823
- https://www.exploit-db.com/exploits/42997/
- http://www.securityfocus.com/bid/101102
- http://www.securitytracker.com/id/1039526
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823
- https://www.exploit-db.com/exploits/42997/
CWEs
CWE-362
Verify integrity in audit chain (admin only). AS-IS.