CVE-2024-23764: Local privilege escalation vulnerability

Description

STATUS: Fixed

RISK LEVEL: Medium

FIX: No user action is required. The required fix has been published through automatic update channel with ULCore version 2023-11-28_01.

Affected products

• All F‑Secure end­point protection products for Windows

Affected platforms

• Windows

More information

On October 30, 2023, a medium severity vulnerability was discovered in F‑Secure Endpoint Protection solutions for Microsoft Windows.

During investigation, we found that the affected component is used in the following F-Secure products:

• All F‑Secure end­point protection products for Windows

This vulnerability allows for a local user with administrator privileges to corrupt kernel memory leading to potential local privilege escalation. F‑Secure is not aware of any known exploits of this vulnerability.

This issue was reported to F‑Secure through the Vulnerability Reward Program.

Credits

F-Secure would like to thank Adam Babis (LinkedIn) for bringing this issue to our attention.

Date issued: 2024-01-31