Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass

It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.

MD5 | 8ebc146325ec05100a1d36b627380a7b

Download

Source: packetstormsecurity.com