Title

Microsoft Windows AppLocker Security Bypass Vulnerability (Cat II impact)

Discussion

Microsoft has released a security advisory addressing a vulnerability affecting Windows AppLocker in supported versions of Windows. AppLocker advances the features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications. To exploit this vulnerability, an attacker would send a malicious request to the affected system. If successfully exploited, the attacker would bypass security restrictions and compromise the affected system.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-61395

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.