WithSecure Endpoint Protection solutions for Microsoft Windows CVE-2023-47172
On October 26, 2023, a high-severity vulnerability was discovered in WithSecure Endpoint Protection solutions for Microsoft Windows, which has been assigned the CVE-2023-47172 identifier[2][5]. This vulnerability allows a local user with administrator privileges to corrupt kernel memory, leading to potential local privilege escalation[1][2]. The affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and later[1][2][5].
This vulnerability can be exploited by an attacker who has already gained access to a system with administrator privileges. Once the vulnerability is exploited, the attacker can execute arbitrary code with elevated privileges, which can lead to a complete compromise of the affected system[2].
WithSecure has released a patch to address this vulnerability, and users are advised to update their software as soon as possible to ensure their systems are protected[1][2][5]. It is also recommended to follow best practices for securing systems, such as limiting user privileges and monitoring for suspicious activity[2].
Citations:
[0] https://en.cyberhat.online/forum/daily-cve-english/security-vulnerabilities-released-20-november-2023
[1] https://www.withsecure.com/en/support/security-advisories/cve-2023-47172
[2] https://www.withsecure.com/no-en/support/security-advisories/cve-2023-47172
[3] https://nvd.nist.gov/vuln/detail/CVE-2023-47172
[4] https://vuldb.com