MS.Power.Shell.Device.Guard.Security.Feature.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in Microsoft Windows Device Guard.
The vulnerability is due to an error when the vulnerable software attempts to handles maliciously crafted file. An attacker can exploit this by tricking a user into opening a malicious file and bypass Code Integrity Policy within PowerShell.
Affected Products
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Impact
Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems
Recommended Actions
Apply the latest update from the vendor
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0215
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-10 | 14.629 | Severity:high:medium |