Intrusion Prevention

MS.Power.Shell.Device.Guard.Security.Feature.Bypass

Description

This indicates an attack attempt to exploit a Security Bypass vulnerability in Microsoft Windows Device Guard.
The vulnerability is due to an error when the vulnerable software attempts to handles maliciously crafted file. An attacker can exploit this by tricking a user into opening a malicious file and bypass Code Integrity Policy within PowerShell.

Affected Products

Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)

Impact

Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems

Recommended Actions

Apply the latest update from the vendor
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0215

CVE References

CVE-2017-0215