CVE-2024-23764: Local privilege escalation vulnerability

Description

STATUS: Fixed

RISK LEVEL: Medium

FIX: No User action is required. The required fix has been published through automatic update channel with ULCore version 2023-11-28_01.

Affected products

• All F‑Secure end­point protection products for Windows

Affected platforms

• Windows

More information

On October 30, 2023, a medium severity vulnerability was discovered in F-Secure Endpoint Protection solutions for Microsoft Windows. 

During investigation, we found that the affected component is used in the following F-Secure products:

• All F‑Secure end­point protection products for Windows

This vulnerability allows for a local user with administrator privileges to corrupt kernel memory leading to potential local privilege escalation. F-Secure is not aware of any known exploits of this vulnerability.

This issue was reported to F-Secure through the Vulnerability Reward Program.

Credits

F-Secure would like to thank Adam Babis for bringing this issue to our attention.

LinkedIn: https://www.linkedin.com/in/adam-babis-1275462a0/

Date issued: 2024-01-31