vuln disclosure
Intune Management Extension Command Injection Allows WDAC BypassIntune Management Extension WDAC Bypass
A vulnerability in the Microsoft Intune Management Extension allowed a regular user to bypass Windows Defender Application Control (WDAC) by exploiting a command injection in the -PowerShell parameter. This enabled writing files with Managed Installer trust attributes, effectively bypassing WDAC enforcement. The issue was fixed by removing the vulnerable parameter.