CVE-2017-8625 Information

Description

Internet Explorer in Windows 10 Gold 1511 1607 1703 and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies aka \Internet Explorer Security Feature Bypass Vulnerability.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/100063 http://www.securitytracker.com/id/1039112 https://msitpros.com/?p=3909 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625 https://posts.specterops.io/umci-vs-internet-explorer-exploring-cve-2017-8625-3946536c6442

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8