Microsoft CVE-2017-0007: Device Guard Security Feature Bypass Vulnerability
Description
A security feature bypass exists when Device Guard does not properly validate certain elements of a signed PowerShell script. An attacker who successfully exploited this vulnerability could modify the contents of a PowerShell script without invalidating the signature associated with the file. Because Device Guard relies on the signature to determine the script is non-malicious, Device Guard could then allow a malicious script to execute. In an attack scenario, an attacker could modify the contents of a PowerShell script without invalidating the signature associated with the file. The update addresses the vulnerability by correcting how Device Guard validates certain elements of signed PowerShell scripts.
Solution(s)
- msft-kb4012606-384d5679-3c34-433f-8564-66fc5136a5e9
- msft-kb4012606-6a38fe85-98ba-4ce2-b4eb-aed947d5c203
- msft-kb4013198-477b54b9-913d-4c4e-8da8-01e0b4cf15ce
- msft-kb4013198-6d9f75f7-d998-4188-a935-7603f4e51a4d
- msft-kb4013429-724ee219-b949-4d44-9e02-e464c6062ae4
- msft-kb4013429-74b1fe65-bd6b-4b76-a624-8674748898f2
- msft-kb4013429-e29d1b22-493d-44dd-8857-7c6c7cb6d84c
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center