CVE – Oddvar Moe's Blog

Defense-In-Depth write-up

Posted on 13 Sep 20177 Nov 2017 by Oddvar Moe [MVP]

TL;DR .BGI files can be sent on mail as attachment and can execute code when opened.Requires that BGinfo.exe has been run on the remote machine once. It will also bypass Outlook attachment protection (Fixed with Defense-in-depth patch from September 2017). PowerShell functions to generate BGI and VBSWebMeter here: https://github.com/api0cradle/BGInfo I was acknowledged on … Continue reading Defense-In-Depth write-up →

Bypassing Device guard UMCI using CHM – CVE-2017-8625

Posted on 13 Aug 20177 Nov 2017 by Oddvar Moe [MVP]

TL;DR You could/can bypass Device Guard user mode code integrity with a custom CHM and execute code. The last 6 months I have done some security research on my (little) spare time, because I find that very interesting. During this time, I was lucky enough to find another valid Device Guard UMCI bypass (I … Continue reading Bypassing Device guard UMCI using CHM – CVE-2017-8625 →