Published: 15/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an malicious user to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product


Source: bugschromiumorg/p/project-zero/issues/detail?id=1332 Windows: CiSetFileCache TOCTOU Security Feature Bypass Platform: Windows 10 10586/14393/10S not tested 81 Update 2 or Windows 7 Class: Security Feature Bypass Summary: It’s possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to to ...

Github Repositories

WindowsLegacyCVE CVE-2017-10204 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5122 r115126 x64 (Tested on Windows 10) Class: Elevation of Privilege Summary: The process hardening implemented by the VirtualBox driver can be circumvented to load arbitrary code inside a VirtualBox process giving access to the VBoxDrv driver which can allow routes to

Recent Articles

It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros
The Register • Shaun Nichols in San Francisco • 15 Nov 2017

Not enough? How about a few dozen PDF remote code holes?

Microsoft and Adobe are getting into the holiday spirit this month by gorging users and admins with a glut of security fixes.
The November of Patch Tuesday brings fixes for more than 130 bugs between the two software giants for products including IE, Edge, Office, Flash Player and Acrobat.
Microsoft's patch dump addresses a total 53 CVE-listed vulnerabilities, including three that already have been publicly detailed. Those include CVE-2017-11827, a memory corruption flaw in Edge and ...

Microsoft Patches 20 Critical Vulnerabilities
Threatpost • Tom Spring • 14 Nov 2017

Microsoft tackled 53 vulnerabilities with today’s Patch Tuesday bulletin. Remote code execution bugs dominated this month’s patches, representing 25 fixes. In total, 20 of Microsoft’s security fixes were rated critical.
Notable are four vulnerabilities with public exploits identified by Microsoft as CVE-2017-11848, CVE-2017-11827, CVE-2017-11883 and CVE-2017-8700. But, according to an analysis of Patch Tuesday fixes by Qualys, none of the four are being used in active campaigns.<...

Microsoft November Patch Tuesday Fixes 53 Security Issues
BleepingComputer • Catalin Cimpanu • 14 Nov 2017

Microsoft has released security updates for several products as  part of the company's November 2017 Patch Tuesday, the company's monthly update train.
This month, the Patch Tuesday updates include fixes for 53 security bugs in applications such as the Windows OS, several Office offerings, Internet Explorer, Microsoft Edge, ASP.NET Core, .NET Core, and the Chackra Core browser engine.
Details about four vulnerabilities were published online before today's patches, but fortunately, n...