Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-1039: .NET Framework Device Guard Security Feature Bypass Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft CVE-2018-1039: .NET Framework Device Guard Security Feature Bypass Vulnerability

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
05/08/2018
Created
07/25/2018
Added
05/08/2018
Modified
11/18/2021

Description

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .Net Framework instantiates COM objects.

Solution(s)

  • msft-kb4099637-192b76d7-3f2c-4b0c-88a3-8ece93530cc4-kb4095514
  • msft-kb4099637-192b76d7-3f2c-4b0c-88a3-8ece93530cc4-kb4095519
  • msft-kb4099637-192b76d7-3f2c-4b0c-88a3-8ece93530cc4-kb4096237
  • msft-kb4099637-cdc86be5-1781-4ca7-94d0-60c825e43a16-kb4095514
  • msft-kb4099637-cdc86be5-1781-4ca7-94d0-60c825e43a16-kb4095519
  • msft-kb4099637-cdc86be5-1781-4ca7-94d0-60c825e43a16-kb4096237
  • msft-kb4099637-e0947a57-3be5-4bce-8d82-3ba4a38c81dd-kb4095514
  • msft-kb4099638-56ad042e-adaa-4379-8155-53bcb97a7cfe-kb4095512
  • msft-kb4099638-56ad042e-adaa-4379-8155-53bcb97a7cfe-kb4095518
  • msft-kb4099638-56ad042e-adaa-4379-8155-53bcb97a7cfe-kb4096235
  • msft-kb4099638-73578b8f-2e95-42b2-9559-32f873423108-kb4095512
  • msft-kb4099638-73578b8f-2e95-42b2-9559-32f873423108-kb4095518
  • msft-kb4099638-73578b8f-2e95-42b2-9559-32f873423108-kb4096235
  • msft-kb4099638-fc652d36-6fae-412c-b2a6-91b246222ea0-kb4095512
  • msft-kb4099638-fc652d36-6fae-412c-b2a6-91b246222ea0-kb4095518
  • msft-kb4099638-fc652d36-6fae-412c-b2a6-91b246222ea0-kb4096235
  • msft-kb4099639-041c9d83-7a16-4e5d-8f2b-35d5cca0fc62-kb4095515
  • msft-kb4099639-041c9d83-7a16-4e5d-8f2b-35d5cca0fc62-kb4095517
  • msft-kb4099639-041c9d83-7a16-4e5d-8f2b-35d5cca0fc62-kb4096236
  • msft-kb4099639-be6a176d-f73e-46be-b458-248528b0a80f-kb4095515
  • msft-kb4099639-be6a176d-f73e-46be-b458-248528b0a80f-kb4095517
  • msft-kb4099639-be6a176d-f73e-46be-b458-248528b0a80f-kb4096236
  • msft-kb4099640-14133e96-e4fb-4c3e-9b50-df297991d9c7-kb4095513
  • msft-kb4099640-14133e96-e4fb-4c3e-9b50-df297991d9c7-kb4095519
  • msft-kb4099640-14133e96-e4fb-4c3e-9b50-df297991d9c7-kb4096237
  • msft-kb4099640-6f0fabe6-1e40-41a6-8cfd-8563cbdc503a-kb4095513
  • msft-kb4099640-6f0fabe6-1e40-41a6-8cfd-8563cbdc503a-kb4095519
  • msft-kb4099640-6f0fabe6-1e40-41a6-8cfd-8563cbdc503a-kb4096237
  • msft-kb4099640-75423fa5-ad47-4b3d-92ac-d3132a389ddf-kb4095513
  • msft-kb4103716-34e04a3c-fab2-4a5e-b231-a37aac882e0f
  • msft-kb4103716-8759c2a2-230b-4089-9c04-586cf2746a71
  • msft-kb4103721-eb863932-a151-446c-8884-ab5add176f94
  • msft-kb4103721-f7846ea0-3bd9-48a2-b230-0be2ad24b4ea
  • msft-kb4103723-54f93c06-1d96-40f5-bdc8-f9924dbcd522
  • microsoft-windows-windows_server_2016-1607-kb4103723
  • msft-kb4103723-a74a9c4e-0823-4afc-8b58-cf1785a2e2b4
  • msft-kb4103727-0dae0270-e483-4c81-9914-263ec487c6c1
  • msft-kb4103727-c03178c9-b5d2-4c5f-819f-c8871513e23d
  • msft-kb4103731-610e3534-770e-4bab-845a-0159c0645106
  • msft-kb4103731-f80f24fa-933a-44d1-a83a-8013a727d881

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;