

To exploit this vulnerability, Trellix wrote, the adversary must have the ability to map a network drive to their local machine. “In the very rare circumstances where this vulnerability could be exploited, it could effectively bypass DLP protections and let an attacker export valuable data,” he said.

Leading data loss prevention (DLP) vendor Trellix is urging customers to patch a high-severity flaw that allows local attackers to bypass restrictions and exfiltrate sensitive data they wouldn’t otherwise have access to.

The flaw (CVE-2023-0400) impacts Windows versions of Trellix DLP (11.9.x), released in August 2022. Customers are urged to upgrade to Trellix for Windows 11.10.0, which mitigates the flaw. Security researchers warn that the fix for the bug, which NIST gave an 8.2 or “high” severity rating, is not an easy upgrade, increasing the odds that security teams might overlook it.

While NIST rates the bug as high, Trellix believes the flaw poses less of a threat, rating it “medium severity.” The primary reasoning for the Trellix rating is that the vulnerability is only exploitable during the installation of the product.

Mike Parkin, senior technical engineer at Vulcan Cyber, said he believed exploitation of the bug was unlikely but urged organizations that utilize DLP to prioritize installing the patch. “I don't want to over-state the issue, but it's not a zero-risk vulnerability,” he said.
