Endpoint Vulnerability

Microsoft: CNG Security Feature Bypass Vulnerability

Description

A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels.

Affected Products

Windows 10,Windows Server 2016,Windows Server, version 1709 (Server Core Installation)

References

CVE-2018-0902,