CVE-2019-0732

Опубликовано: 09 апр. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.

Ссылки

http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/46716/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/152536/Microsoft-Windows-LUAFV-NtSetCachedSigningLevel-Device-Guard-Bypass.html
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0732
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/46716/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01235

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2019-0732

CVSS3: 5.3

msrc

больше 6 лет назад

Windows Security Feature Bypass Vulnerability

GHSA-2hxc-g3vg-5jpj