Описание
Code Integrity Guard Security Feature Bypass Vulnerability
Меры по смягчению последствий
Are there any factors which reduce the risk of this vulnerability?
An attacker must have existing access to the target file prior to exploitation.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could trick Windows Code Integrity Guard (CIG) into trusting the file the attacker altered to contain arbitrary content bypassing CIG integrity checks.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of integrity (I:H). What does that mean for this vulnerability?
An authenticated attacker could replace valid file content with specially crafted file content.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 10 Version 1809 for 32-bit Systems | ||
| Windows 10 Version 1809 for x64-based Systems | ||
| Windows Server 2019 | ||
| Windows Server 2019 (Server Core installation) | ||
| Windows Server 2022 | ||
| Windows Server 2022 (Server Core installation) | ||
| Windows 11 version 21H2 for x64-based Systems | ||
| Windows 11 version 21H2 for ARM64-based Systems | ||
| Windows 10 Version 21H2 for 32-bit Systems | ||
| Windows 10 Version 21H2 for ARM64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Code Integrity Guard Security Feature Bypass Vulnerability
Code Integrity Guard Security Feature Bypass Vulnerability
Уязвимость функции Code Integrity Guard операционных систем Microsoft Windows, позволяющая нарушителю обойти ограничения безопасности
EPSS
5.5 Medium
CVSS3