SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Device Guard UMCI Validation Flaw Lets Local Users Bypass Security Restrictions
SecurityTracker Alert ID:  1040791
SecurityTracker URL:  http://securitytracker.com/id/1040791
CVE Reference:   CVE-2018-1035   (Links to External Site)
Date:  Apr 28 2018
Impact:   Disclosure of system information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10 Version 1709
Description:   A vulnerability was reported in Microsoft Windows Device Guard. A local user can bypass security restrictions.

Windows Device Guard does not properly validate User Mode Code Integrity (UMCI) policies. A local user can run a specially crafted application to bypass UMCI policy on the target system.

Impact:   A local user can bypass UMCI policy on the target system.
Solution:   The vendor has issued a fix.

[Editor's note: The vulnerability described in the vendor advisory was fixed as part of the April 2018 security update. However, the vulnerability and CVE number were not described in any advisory as part of the April 2018 security update. The vendor advises that users that have applied the applicable April 2018 security updates do not need to take any further action.]

The Microsoft advisories are available at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1035
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4093112

Vendor URL:  portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1035 (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC