Описание
Windows App Control for Business Security Feature Bypass Vulnerability
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker can spoof the signature to get it to bypass App Control policy.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:L), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 11 Version 24H2 for ARM64-based Systems | ||
| Windows 11 Version 24H2 for x64-based Systems | ||
| Windows Server 2025 | ||
| Windows Server 2025 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.1 Medium
CVSS3
Связанные уязвимости
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.
Уязвимость технологии Windows Defender Application Control (WDAC) операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
5.1 Medium
CVSS3