Published: 10/10/2018 Updated: 30/11/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8

Vulnerability Summary

A security feature bypass vulnerability exists in Device Guard that could allow a malicious user to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Complexity: LOW
Authentication: NONE
Access Vector: LOCAL
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Affected Products

Vendor | Product | Versions
Microsoft | Windows 10 | 1607, 1703, 1709, 1803, 1809
Microsoft | Windows Server 2016 | -, 1709, 1803
Microsoft | Windows Server 2019 | -

Recent Articles

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug
The Register • Shaun Nichols in San Francisco • 09 Oct 2018

Redmond goes retro in latest Patch Tuesday bundle

Microsoft has released the October edition of its monthly security update, addressing a total of 49 CVE-listed bugs.
Among the 49 fixes were three issues that have already been publicly disclosed and a fourth that was being targeted in the wild. On top of that, a remote code execution bug in Exchange Server is the resurfacing of a vulnerability first found in 2010.
CVE-2010-3190 is a remote code execution bug created by insecure handling of DLL files in applications made with Microso...