CrowdStrike has released fixes for two security issues affecting the Falcon sensor for Windows. Both vulnerabilities require an attacker to have already established the ability to execute code on the host system. Successful exploitation could allow the adversary to delete arbitrary files , which could lead to stability or functionality issues with the Falcon sensor, other software, or the operating system itself.
CVSS Score: 5.6Type: CWE-367 [Time-of-check Time-of-use (TOCTOU) Race Condition]Description: A race condition in the Falcon Sensor for Windows allows an attacker with local code execution privileges to delete arbitrary files.
CVSS Score: 6.5Type: CWE-346 [Origin Validation Error]Description: A logic error in Falcon Sensor for Windows allows attackers to delete arbitrary files due to improper validation.
Prerequisite: To exploit these issues, an adversary must have the prior ability to execute code on a host.Potential Actions: Deletion of arbitrary system, application, or Falcon Sensor files.Impact: May lead to loss of system stability, malfunction of endpoint security controls, or operational disruptions.Current Status: CrowdStrike has no indication that these issues have been exploited in the wild and is actively monitoring for any signs of abuse.
Falcon sensor for Windows versions: 7.28.20006, 7.27.19907, 7.26.19811, 7.26.19809, 7.25.19706, 7.24.19607 and earlier, 7.16.18635 and earlier 7.16 builds (WIN7/2008 R2 only)
Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn
No related posts found.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
This website uses the following additional cookies:
(List the cookies that you are using on the website here.)
More information about our Cookie Policy
