FortiClient VulnerabilityMicrosoft Device Guard Code Integrity Policy CVE-2018-8492 Security Feature Bypass Vulnerability
Description
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then inject malicious code into a script that is trusted by the Code Integrity policy. The injected code would then run with the same trust level as the script and bypass the Code Integrity policy. The update addresses the vulnerability by correcting how PowerShell exposes functions and processes user supplied code.
Affected Applications
Windows Server 2016
Windows 10
Windows Server version 1803 (Server Core Installation)
Windows Server version 1709 (Server Core Installation)
Windows Server 2019
CVE References
CVE-2018-8492Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2018-8492| ID | 51857 |
| Created | Oct 09, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows Server 2016 , Windows 10 , Windows Server version 1803 (Server Core Installation) , Windows Server version 1709 (Server Core Installation) , Windows Server 2019 |