A high-risk vulnerability, rated 7.8 in CVSS v3.1, exists in the Hotspot Shield VPN client software for Windows, versions 10.3.0 and earlier. It allows an authorised user to potentially perform local privilege escalation.
The flaw stems from improper directory permissions on the client's log folder. A local user can create specially crafted symbolic links in that folder that point to a critical file on the system. The file is then overwritten with the privileges of the application, which corrupts it.
To mitigate this vulnerability, correct Access Control List permissions should be set for any location where actions are performed by privileged processes. This includes the C:\ProgramData\Hotspot Shield\logs directory.
Source: NIST
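One way to check the permissions described above is the following PowerShell audit, an added example that is not from the vendor or from NIST. The default path is the one named in the advisory; the list of trusted SIDs (SYSTEM, Administrators, TrustedInstaller) is an assumption to adjust for the host being reviewed.

```powershell
# Added example: report ACEs that let non-privileged principals create, replace
# or delete entries in a directory that a privileged process writes to.
param(
    [string]$Path = 'C:\ProgramData\Hotspot Shield\logs'   # path named in the advisory
)

# Rights that allow planting or swapping files and links in the directory.
$risky = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$generic = 0x50000000   # raw GENERIC_WRITE | GENERIC_ALL bits, sometimes stored unmapped

# Assumption: only these principals are expected to hold write access here.
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$acl = Get-Acl -LiteralPath $Path
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $ace.IdentityReference.Value   # unresolvable account: keep as shown
    }
    if ($trusted -contains $sid) { continue }
    $rights = [int]$ace.FileSystemRights
    if (($rights -band $risky) -or ($rights -band $generic)) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            AppliesTo = $ace.InheritanceFlags
        }
    }
}

# Links or junctions already present in the folder deserve a manual look.
$links = Get-ChildItem -LiteralPath $Path -Force -Attributes ReparsePoint

"Owner: $($acl.Owner)"
if ($findings) { $findings | Format-Table -AutoSize } else { 'No write-capable ACEs for untrusted principals.' }
if ($links)    { $links | Select-Object FullName, LinkType, Target | Format-Table -AutoSize }
```

Inherited entries in the output usually trace back to the default C:\ProgramData ACL, so a clean result generally requires an explicit, non-inherited ACL on the folder.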