virus logo Intrusion Prevention

MS.Windows.DeviceGuard.Security.Feature.Bypass

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in Microsoft Windows.
The vulnerability is due to an error when the vulnerable software attempts to handles unsigned files. An attacker can exploit this to bypass the signing level verification.

affected-products-logoAffected Products

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows Server, version 1709 (Server Core Installation)
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows Server, version 1803 (Server Core Installation)

Impact logoImpact

Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-06 14.627 Severity:high:low
2018-11-21 13.495 Default_action:pass:drop

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449
ID 46831
Created Sep 11, 2018
Updated May 02, 2022
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-8449
Exploit Prediction Score 0.06%
Default Action drop
Active
Affected OS Windows
Affected App Other