A TOCTOU (time-of-check to time-of-use) race in Windows Code Integrity (CI) makes it possible to add a cached signing level to an unsigned file, leading to circumvention of Device Guard policies and possibly PPL signing levels.
Source: Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass
The post Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass appeared first on MondoUnix.
