Microsoft Security Advisory CVE-2019-1167: Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2019-1167
Affected versions: <6.2.2
Patched versions: 6.2.2, 6.1.5
Package: System.Management.Automation
Package ecosystem: NuGet
Executive Summary
A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement.
An attacker who successfully exploited this vulnerability could circumvent PowerShell Core Constrained Language Mode on the machine.
To exploit the vulnerability, an attacker would first need access to the local machine where PowerShell is running in Constrained Language Mode.
With that access, an attacker could leverage script debugging to abuse signed modules in an unintended way.
The update addresses the vulnerability by correcting how PowerShell functions in Constrained Language Mode.
System administrators are advised to update PowerShell Core to an unaffected version (see Affected Software).
How do I update to an unaffected version?
Follow the instructions at Installing PowerShell Core to install the latest version of PowerShell Core.
Affected Software
The vulnerability affects PowerShell Core prior to the following versions:
PowerShell Core Version | Fixed in |
---|---|
6.1 | 6.1.5 |
6.2 | 6.2.2 |
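
One way to check hosts against the table above, as an added example that is not part of the original advisory. The function name Test-Cve20191167, the sample version strings, and the default MSI install location are assumptions made for illustration.

```powershell
# Fixed versions per branch, taken from the "Affected Software" table.
$FixedIn = @{ '6.1' = [version]'6.1.5'; '6.2' = [version]'6.2.2' }

# Hypothetical helper: classify one PowerShell Core version string.
function Test-Cve20191167 {
    param([Parameter(Mandatory)][string]$VersionString)

    # Drop any prerelease label ("6.2.0-preview.1" -> "6.2.0") before parsing.
    $core   = ($VersionString -split '-')[0]
    $v      = [version]$core
    $branch = '{0}.{1}' -f $v.Major, $v.Minor

    if ($FixedIn.ContainsKey($branch)) {
        $status = if ($v -lt $FixedIn[$branch]) { 'Affected' } else { 'Fixed' }
    } elseif ($v -lt [version]'6.1.0') {
        # The advisory metadata marks everything below 6.2.2 as affected,
        # but the table lists no fixed release for branches before 6.1.
        $status = 'Affected (no fixed release listed for this branch)'
    } else {
        $status = 'Not listed in advisory'
    }
    [pscustomobject]@{ Version = $VersionString; Branch = $branch; Status = $status }
}

# Constructed sample versions, to show the classification on both sides of each fix.
'6.1.4', '6.1.5', '6.2.0-preview.1', '6.2.1', '6.2.2' |
    ForEach-Object { Test-Cve20191167 -VersionString $_ }

# The running session: version status plus the language mode currently in effect.
Test-Cve20191167 -VersionString ([string]$PSVersionTable.PSVersion) |
    Add-Member -NotePropertyName LanguageMode `
               -NotePropertyValue $ExecutionContext.SessionState.LanguageMode -PassThru

# Assumption: side-by-side installs are in the default MSI location on Windows.
Get-ChildItem "$env:ProgramFiles\PowerShell\*\pwsh.exe" -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Ask each binary for its own version instead of trusting the folder name.
        $ver = & $_.FullName -NoProfile -Command '[string]$PSVersionTable.PSVersion'
        Test-Cve20191167 -VersionString $ver |
            Add-Member -NotePropertyName Path -NotePropertyValue $_.FullName -PassThru
    }
```

Any install reported as Affected on a machine that relies on Constrained Language Mode should be updated to the fixed release for its branch.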