Описание
.NET Framework Device Guard Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.
To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.
The update addresses the vulnerability by correcting how .Net Framework instantiates COM objects.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft .NET Framework 4.6.2/4.7/4.7.1 on Windows 10 Version 1607 for 32-bit Systems | ||
| Microsoft .NET Framework 4.6.2/4.7/4.7.1 on Windows 10 Version 1607 for x64-based Systems | ||
| Microsoft .NET Framework 4.6.2/4.7/4.7.1 on Windows Server 2016 | ||
| Microsoft .NET Framework 4.6.2/4.7/4.7.1 on Windows Server 2016 (Server Core installation) | ||
| Microsoft .NET Framework 4.7/4.7.1 on Windows 10 Version 1703 for 32-bit Systems | ||
| Microsoft .NET Framework 4.7/4.7.1 on Windows 10 Version 1703 for x64-based Systems | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems | ||
| Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) | ||
| Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1 on Windows 7 for 32-bit Systems Service Pack 1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
EPSS