Critical severity9.8NVD Advisory· Published Dec 12, 2017· Updated May 13, 2026

CVE-2017-11899

Description

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".

Affected products

Microsoft/Windows 105 versions
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft/Windows Server 20162 versions
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Microsoft Corporation/Device Guardv5
Range: Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11899nvdPatchVendor Advisory
www.securityfocus.com/bid/102077nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039992nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.016
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000