CVE-2019-0627 - Windows Security Feature Bypass Vulnerability

  1. Brink
       #1

    CVE-2019-0627 - Windows Security Feature Bypass Vulnerability


    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

    To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.

    The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies.

    Exploitability Assessment

    The following table provides an exploitability assessment for this vulnerability at the time of original publication.

    | Publicly Disclosed | Exploited | Latest Software Release | Older Software Release | Denial of Service |
    |---|---|---|---|---|
    | No | No | 1 - Exploitation More Likely | 1 - Exploitation More Likely | Not Applicable |

    Security Updates

    To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

    | Product | Platform | Article | Download | Impact | Severity | Supersedence |
    |---|---|---|---|---|---|---|
    | PowerShell Core 6.1 | | Release Notes | Security Update | Security Feature Bypass | Important | |
    | PowerShell Core 6.2 | | Release Notes | Security Update | Security Feature Bypass | Important | |
    | Windows 10 for 32-bit Systems | | 4487018 | Security Update | Security Feature Bypass | Important | 4480962 |
    | Windows 10 for x64-based Systems | | 4487018 | Security Update | Security Feature Bypass | Important | 4480962 |
    | Windows 10 Version 1607 for 32-bit Systems | | 4487026 | Security Update | Security Feature Bypass | Important | 4480961 |
    | Windows 10 Version 1607 for x64-based Systems | | 4487026 | Security Update | Security Feature Bypass | Important | 4480961 |
    | Windows 10 Version 1703 for 32-bit Systems | | 4487020 | Security Update | Security Feature Bypass | Important | 4480973 |
    | Windows 10 Version 1703 for x64-based Systems | | 4487020 | Security Update | Security Feature Bypass | Important | 4480973 |
    | Windows 10 Version 1709 for 32-bit Systems | | 4486996 | Security Update | Security Feature Bypass | Important | 4480978 |
    | Windows 10 Version 1709 for 64-based Systems | | 4486996 | Security Update | Security Feature Bypass | Important | 4480978 |
    | Windows 10 Version 1709 for ARM64-based Systems | | 4486996 | Security Update | Security Feature Bypass | Important | 4480978 |
    | Windows 10 Version 1803 for 32-bit Systems | | 4487017 | Security Update | Security Feature Bypass | Important | 4480966 |
    | Windows 10 Version 1803 for ARM64-based Systems | | 4487017 | Security Update | Security Feature Bypass | Important | 4480966 |
    | Windows 10 Version 1803 for x64-based Systems | | 4487017 | Security Update | Security Feature Bypass | Important | 4480966 |
    | Windows 10 Version 1809 for 32-bit Systems | | 4487044 | Security Update | Security Feature Bypass | Important | 4480116 |
    | Windows 10 Version 1809 for ARM64-based Systems | | 4487044 | Security Update | Security Feature Bypass | Important | 4480116 |
    | Windows 10 Version 1809 for x64-based Systems | | 4487044 | Security Update | Security Feature Bypass | Important | 4480116 |
    | Windows Server 2016 | | 4487026 | Security Update | Security Feature Bypass | Important | 4480961 |
    | Windows Server 2016 (Server Core installation) | | 4487026 | Security Update | Security Feature Bypass | Important | 4480961 |
    | Windows Server 2019 | | 4487044 | Security Update | Security Feature Bypass | Important | 4480116 |
    | Windows Server 2019 (Server Core installation) | | 4487044 | Security Update | Security Feature Bypass | Important | 4480116 |
    | Windows Server, version 1709 (Server Core Installation) | | 4486996 | Security Update | Security Feature Bypass | Important | 4480978 |
    | Windows Server, version 1803 (Server Core Installation) | | 4487017 | Security Update | Security Feature Bypass | Important | 4480966 |

    Mitigations

    Microsoft has not identified any mitigating factors for this vulnerability.

    Workarounds

    Microsoft has not identified any workarounds for this vulnerability.

    Acknowledgements

    Matt Graeber of SpecterOps

    See acknowledgements for more information.

    Disclaimer

    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    Revisions

    | Version | Date | Description |
    |---|---|---|
    | 1.0 | 02/12/2019 | Information published. |
    | 2.0 | 02/19/2019 | Revised the Security Updates table to include PowerShell Core 6.1 and 6.2 because they are affected by this vulnerability. See "Microsoft Security Advisory - Multiple UMCI bypass vulnerabilities" (Issue #13, PowerShell/Announcements on GitHub) for more information. |

    Source: https://portal.msrc.microsoft.com/en.../CVE-2019-0627
    Last edited by Brink; 4 Weeks Ago at 00:01.

  2.    #1

    @Brink,

    Would I be interpreting this fine notification from MS correctly if I read the entry for "Windows 10 Version 1809 for x64-based Systems" as meaning that, if I have installed the KB4487044 update on such a system, this vulnerability is now patched on that system, and it is now safe from said vulnerability?

    Is it safe???? (cue Sir Laurence Olivier voice from Marathon Man)

  3. Brink
    Thread Starter
       #2

    Hello @mta3006,

    Correct. KB4487044 includes the fix for Windows 10 v1809.
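
One way to run the check discussed in the last two posts, as an added example that is not part of the thread or of Microsoft's advisory. The KB numbers are copied from the Security Updates table in the first post; the function name, variable names and status strings are hypothetical, and the script assumes the registry `ReleaseId` value identifies the release.

```powershell
# Fix KB and the KB it supersedes, per release, from the Security Updates table.
# Server 2016 reports ReleaseId 1607 and Server 2019 reports 1809, matching the
# KBs the table lists for them. The plain "Windows 10" rows (4487018) are left
# out because the table gives no version number for that release.
$Cve20190627Fixes = @{
    '1607' = @{ Fix = 'KB4487026'; Replaces = 'KB4480961' }
    '1703' = @{ Fix = 'KB4487020'; Replaces = 'KB4480973' }
    '1709' = @{ Fix = 'KB4486996'; Replaces = 'KB4480978' }
    '1803' = @{ Fix = 'KB4487017'; Replaces = 'KB4480966' }
    '1809' = @{ Fix = 'KB4487044'; Replaces = 'KB4480116' }
}

function Test-Cve20190627Fix {
    param(
        # Defaults read the local machine; pass values to test offline.
        [string]$ReleaseId = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId,
        [string[]]$InstalledKb = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )

    $row = $Cve20190627Fixes[$ReleaseId]
    $fixKb = $null
    $previousListed = $false

    if (-not $row) {
        $status = 'ReleaseNotInTable'
    } else {
        $fixKb = $row.Fix
        $previousListed = $InstalledKb -contains $row.Replaces
        if ($InstalledKb -contains $fixKb) {
            $status = 'FixInstalled'
        } else {
            # Not proof of exposure: a later cumulative update that replaces
            # this KB would also carry the fix. Check update history.
            $status = 'FixKbNotListed'
        }
    }

    [pscustomobject]@{
        ReleaseId        = $ReleaseId
        FixKb            = $fixKb
        Status           = $status
        PreviousKbListed = $previousListed
    }
}

Test-Cve20190627Fix                                                 # local machine
Test-Cve20190627Fix -ReleaseId '1809' -InstalledKb 'KB4480116'      # constructed input
```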