cnvd - cnvd-2018-24938

CNVD-2018-24938

Vulnerability from cnvd - Published: 2018-12-10

Title

Microsoft Windows Device Guard安全绕过漏洞（CNVD-2018-24938）

Description

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。 Microsoft Windows存在远程安全绕过漏洞。攻击者可以利用此漏洞绕过某些安全限制并执行未经授权的操作。这可能有助于进一步的攻击。

Severity

低

Patch Name

Microsoft Windows Device Guard安全绕过漏洞（CNVD-2018-24938）的补丁

Patch Description

Microsoft Windows是美国微软（Microsoft）公司发布的一系列操作系统。 Microsoft Windows存在远程安全绕过漏洞。攻击者可以利用此漏洞绕过某些安全限制并执行未经授权的操作。这可能有助于进一步的攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449

Reference

https://www.securityfocus.com/bid/105272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8449

Impacted products

Name
['Microsoft Windows 10', 'Microsoft Windows 10 1607', 'Microsoft Windows Server 2016', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows Server 1709', 'Microsoft Windows 10 1803', 'Microsoft Windows Server 1803']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105272"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8449"
    }
  },
  "description": "Microsoft Windows\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nMicrosoft Windows\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002 \u8fd9\u53ef\u80fd\u6709\u52a9\u4e8e\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "discovererName": "James Forshaw of Google Project Zero",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24938",
  "openTime": "2018-12-10",
  "patchDescription": "Microsoft Windows\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows\u5b58\u5728\u8fdc\u7a0b\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002 \u8fd9\u53ef\u80fd\u6709\u52a9\u4e8e\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows Device Guard\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2018-24938\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows 10",
      "Microsoft Windows 10 1607",
      "Microsoft Windows Server 2016",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709",
      "Microsoft Windows Server 1709",
      "Microsoft Windows 10 1803",
      "Microsoft Windows Server 1803"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/105272\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8449",
  "serverity": "\u4f4e",
  "submitTime": "2018-09-12",
  "title": "Microsoft Windows Device Guard\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2018-24938\uff09"
}

CVE-2018-8449 (GCVE-0-2018-8449)

Vulnerability from cvelistv5 – Published: 2018-09-13 00:00 – Updated: 2024-08-05 06:54

Summary

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Severity ?

No CVSS data available.

CWE

Security Feature Bypass

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1041642	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/105272	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/45435/	exploitx_refsource_EXPLOIT-DB

Impacted products

Vendor

Product

Version

Microsoft

Windows Server 2016

Affected: (Server Core installation)

	Microsoft	Windows 10	Affected: 32-bit Systems Affected: Version 1607 for 32-bit Systems Affected: Version 1607 for x64-based Systems Affected: Version 1703 for 32-bit Systems Affected: Version 1703 for x64-based Systems Affected: Version 1709 for 32-bit Systems Affected: Version 1709 for x64-based Systems Affected: Version 1803 for 32-bit Systems Affected: Version 1803 for x64-based Systems Affected: x64-based Systems
	Microsoft	Windows 10 Servers	Affected: version 1709 (Server Core Installation) Affected: version 1803 (Server Core Installation)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:54:36.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041642",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041642"
          },
          {
            "name": "105272",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105272"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449"
          },
          {
            "name": "45435",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45435/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "(Server Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows 10 Servers",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1709  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "version 1803  (Server Core Installation)"
            }
          ]
        }
      ],
      "datePublic": "2018-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka \"Device Guard Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-21T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041642",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041642"
        },
        {
          "name": "105272",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105272"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449"
        },
        {
          "name": "45435",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45435/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows Server 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "32-bit Systems"
                          },
                          {
                            "version_value": "Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Servers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1709  (Server Core Installation)"
                          },
                          {
                            "version_value": "version 1803  (Server Core Installation)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka \"Device Guard Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041642",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041642"
            },
            {
              "name": "105272",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105272"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8449"
            },
            {
              "name": "45435",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45435/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8449",
    "datePublished": "2018-09-13T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:54:36.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-24938

CVE-2018-8449 (GCVE-0-2018-8449)

Tags

Sightings

Nomenclature