Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8201: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/12/2018
Created: 07/25/2018
Added: 06/12/2018
Modified: 11/18/2021

Description

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user-supplied code.

Solution(s)

  • msft-kb4284819-09802fac-5d82-4589-9da1-a1b16f7516c6
  • msft-kb4284819-12056057-df80-4f20-a9f8-c8b9bd18ccd6
  • msft-kb4284819-af7712ab-eaad-4b7d-8b8e-2a060c2bfe53
  • msft-kb4284835-3c78a800-e801-4176-a748-b741cf1f302a
  • msft-kb4284835-f0914666-2046-4a90-8eeb-2a49b3a2d663
  • msft-kb4284835-f74f5aaf-95df-4818-8df0-2986a9d1a34e
  • msft-kb4284860-1a3a39c1-fdd4-4e6f-b16b-9593c41df042
  • msft-kb4284860-1b92ed90-ad9d-40f4-8c2c-decd1abd27ea
  • msft-kb4284874-689410ed-3cb3-4b76-84b1-5b940e14ab6a
  • msft-kb4284874-fd45c4c5-93e4-4467-a41d-4876854a0a7c
  • msft-kb4284880-073aa939-731e-464c-b64e-f6241c4d9a86
  • msft-kb4284880-29a03d50-43ed-42e6-8012-2a9f083f4f81
  • msft-kb4284880-3105f320-7d78-4034-a86c-03b4f9352480
  • msft-kb4284880-828da5bc-120f-4a10-9fe3-c20aaafbbaff
  • msft-kb4284880-b0b5ce3d-8502-4c09-a621-8486d91d775e
  • msft-kb4284880-fa8b8608-4925-4c9b-871f-a3e5d0b082fa
