Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass

It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.


MD5 | 8ebc146325ec05100a1d36b627380a7b


Related Posts

Comments