Описание
Windows Scripting Engine Security Feature Bypass Vulnerability
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The Anti-Malware Scanning Interface implementation in the newer jscript9legacy.dll is not enabled when running in cscript/wscript leading to a bypass.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2022 | ||
| Windows Server 2022 (Server Core installation) | ||
| Windows 11 version 21H2 for x64-based Systems | ||
| Windows 11 version 21H2 for ARM64-based Systems | ||
| Windows 11 Version 22H2 for ARM64-based Systems | ||
| Windows 11 Version 22H2 for x64-based Systems | ||
| Windows 11 Version 23H2 for ARM64-based Systems | ||
| Windows 11 Version 23H2 for x64-based Systems | ||
| Windows Server 2022, 23H2 Edition (Server Core installation) | ||
| Windows 11 Version 24H2 for ARM64-based Systems |
Показывать по
10
Возможность эксплуатации
Publicly Disclosed
No
Exploited
No
Latest Software Release
Exploitation Less Likely
DOS
N/A
EPSS
Процентиль: 46%
0.00233
Низкий
7.7 High
CVSS3
Связанные уязвимости
CVSS3: 7.7
nvd
8 месяцев назад
Windows Scripting Engine Security Feature Bypass Vulnerability
CVSS3: 7.7
github
8 месяцев назад
Windows Scripting Engine Security Feature Bypass Vulnerability
CVSS3: 7.7
fstec
8 месяцев назад
Уязвимость библиотеки jscript9legacy.dll интерфейса Antimalware Scan Interface (AMSI) операционных систем Microsoft Windows, позволяющая нарушителю обойти ограничения безопасности
EPSS
Процентиль: 46%
0.00233
Низкий
7.7 High
CVSS3