Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass

The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

Leave a Reply