CVE-2023-47172 Local Privilege Escalation Vulnerability

Status

Fixed

Risk level

High

Action required

No User action is required. The required fix has been published through automatic update channel with ULCore version 2023-11-08_01

Affected products

All WithSecure Endpoint Protection products for Windows o WithSecure Client Security 15 onwards o WithSecure Server Security 15 onwards o WithSecure Email and Server Security 15 onwards o WithSecure Elements Endpoint Protection 17 onwards

Platforms

All supported platforms for the affected products

Date issued

2023-11-16

More information

On October 26, 2023, a high severity vulnerability was discovered in WithSecure Endpoint Protection solutions for Microsoft Windows.

During investigation, we found that the affected component is used in the following WithSecure™ products:

WithSecure Client Security 15 onwards
WithSecure Server Security 15 onwards
WithSecure Email and Server Security 15 onwards
WithSecure Elements Endpoint Protection 17 onwards

This vulnerability allows for a local user with administrator privileges to corrupt kernel memory, leading to potential local privilege escalation.

WithSecure is not aware of any known exploits for this vulnerability.

We will update the advisory page as additional information becomes available.