Rewterz Threat Advisory – CVE-2019-0632 – Microsoft Windows Device Guard Local Security Bypass Vulnerability

Severity

Medium

Analysis Summary

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.

Impact

Security bypass

Affected Products

• Microsoft PowerShell Core 6.1
• Microsoft PowerShell Core 6.2
• Microsoft Windows 10 for 32-bit Systems
• Microsoft Windows 10 for x64-based Systems
• Microsoft Windows 10 Version 1607 for 32-bit Systems
• Microsoft Windows 10 Version 1607 for x64-based Systems
• Microsoft Windows 10 version 1703 for 32-bit Systems
• Microsoft Windows 10 version 1703 for x64-based Systems
• Microsoft Windows 10 version 1709 for 32-bit Systems
• Microsoft Windows 10 Version 1709 for ARM64-based Systems
• Microsoft Windows 10 version 1709 for x64-based Systems
• Microsoft Windows 10 Version 1803 for 32-bit Systems
• Microsoft Windows 10 Version 1803 for ARM64-based Systems
• Microsoft Windows 10 Version 1803 for x64-based Systems
• Microsoft Windows 10 Version 1809 for 32-bit Systems
• Microsoft Windows 10 Version 1809 for ARM64-based Systems
• Microsoft Windows 10 Version 1809 for x64-based Systems
• Microsoft Windows Server 1709
• Microsoft Windows Server 1803
• Microsoft Windows Server 2016
• Microsoft Windows Server 2019

Remediation
Vendor has released update for the affected product.

Update to version 6.1.3.