Endpoint Vulnerability

Microsoft: Hypervisor Code Integrity Security Feature Bypass

Description

A security feature bypass vulnerability exists when Windows incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enabled. To exploit this vulnerability, an attacker could run a specially crafted application to bypass code integrity protections in Windows. The security update addresses the vulnerability by correcting security feature behavior to preclude the incorrect marking of RWX pages under HVCI.

Affected Products

Windows 10

References

CVE-2016-0181,