Microsoft Windows CiSetFileCache TOCTOU Incomplete Fix

The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumventing Device Guard policies.


MD5 | dd01efee7f81b595a28eb0762c87ef42


Related Posts

Comments