Decrypt LOL

Critical Vulnerability Discovered in Lakeside Software's SysTrack

🛡️📜 Mandiant uncovers critical privilege escalation vulnerability in Lakeside Software’s SysTrack. Mandiant identified a local privilege escalation vulnerability, CVE-2023-6080, in Lakeside Software’s SysTrack Agent version 10.7.8, which could allow low-privilege users to execute arbitrary code. The flaw stems from insecure coding practices in the Microsoft Software Installer (MSI) repair action, enabling attackers to exploit predictable filename generation and race conditions during the repair process. Mandiant responsibly disclosed the issue, which has since been addressed in version 11.0. The incident highlights the importance of secure coding practices and proper folder permissions to mitigate risks associated with third-party Windows installers. Organizations are encouraged to audit their software for similar vulnerabilities to enhance endpoint security.
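
The general weakness class named above (a predictable filename in a folder other users can write to, opened without an atomic exclusive create) is shown here beside a hardened form. This is an added example, not code from Lakeside, Mandiant or the SysTrack installer; the `repair_<pid>.tmp` naming scheme, the folder and all function names are constructed for illustration.

```python
import os
import secrets
import tempfile

def predictable_path(shared_dir: str, pid: int) -> str:
    # Weak pattern: the name is derived from a guessable value.
    # The "repair_<pid>.tmp" scheme is constructed for this example.
    return os.path.join(shared_dir, f"repair_{pid}.tmp")

def write_naive(path: str, data: bytes) -> bool:
    """Open-or-create. Returns True if a file was already waiting at path."""
    existed = os.path.lexists(path)      # check ...
    with open(path, "wb") as fh:         # ... then use: the gap is the race window
        fh.write(data)
    return existed

def write_exclusive(path: str, data: bytes) -> None:
    """Create the file atomically; raise FileExistsError if the name is taken."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    flags |= getattr(os, "O_NOFOLLOW", 0)   # not available on every platform
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def write_hardened(data: bytes) -> str:
    """Private directory + unpredictable name + exclusive create."""
    private_dir = tempfile.mkdtemp(prefix="repair_")   # owner-only directory
    path = os.path.join(private_dir, secrets.token_hex(16) + ".tmp")
    write_exclusive(path, data)
    return path

def demo() -> dict:
    shared = tempfile.mkdtemp(prefix="shared_")   # stands in for a user-writable folder
    target = predictable_path(shared, pid=4242)
    with open(target, "wb") as fh:                # file already present before the write
        fh.write(b"pre-existing")
    result = {"naive_reused_existing": write_naive(target, b"payload")}
    try:
        write_exclusive(target, b"payload")
        result["exclusive_rejected"] = False
    except FileExistsError:
        result["exclusive_rejected"] = True
    safe = write_hardened(b"payload")
    result["hardened_name_len"] = len(os.path.basename(safe))
    return result

if __name__ == "__main__":
    print(demo())
```

The naive writer silently reuses whatever already sits at the guessed path, while the exclusive create fails closed and the hardened writer never places its file in a shared location.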
