CVE-2017-0007 Information

Description

Device Guard in Microsoft Windows 10 Gold 1511 1607 and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures aka \PowerShell Security Feature Bypass Vulnerability.\

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

http://www.securityfocus.com/bid/96018 http://www.securitytracker.com/id/1038001 https://enigma0x3.net/2017/04/03/defeating-device-guard-a-look-into-cve-2017-0007/ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0007

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.5