CVE-2018-8200

EUVD-2018-19869
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_server_2016
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4343892
1607 (x64, x86)
KB4343887
1703 (x64, x86)
KB4343885
1709 (x64, x86)
KB4343897
1803 (x64, x86)
KB4343909
Windows Server
1709 Server Core
KB4343897
1803 Server Core
KB4343909
Windows Server 2016
Server Core
KB4343887
Standard
KB4343887
References
http://www.securityfocus.com/bid/105007
http://www.securitytracker.com/id/1041459
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200
http://www.securityfocus.com/bid/105007
http://www.securitytracker.com/id/1041459
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200