Advisory ID: BT24-01
CVSSv3 Score: 6.3 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Issue Date: 2024-02-14
Updated On: 2024-02-14
CVE(s): CVE-2024-25083
Synopsis:
Prior to version 24.1, a local authenticated attacker with the privileges needed to initiate a repair of Privilege Management for Windows could hijack the elevated repair process and use it to execute arbitrary programs with elevated privileges. The attack is mitigated by the product's anti-tamper restrictions and by policy restrictions such as the one described below.
Impacted Product:
Privilege Management for Windows
Mitigation Details:
The policy below identifies the Privilege Management User Mode Utility (PGUserMode), places every process it spawns in a second application group, and allows those child processes to run only with the user's default rights, so a hijacked repair cannot launch an elevated program. Upgrading to 24.1 remains the fix; the policy is a workaround for versions that cannot be upgraded immediately.
1. Create a new application group (e.g., AppGroup1) with the following criteria:
a. File or Folder Name matches:
--- File or Folder Name: PGUserMode
--- Perform Match Using: Contains
b. Product Name matches:
--- Product Name: BeyondTrust Privilege Management
--- Match case: Yes
--- Perform Match Using: Exact Match
c. Publisher matches:
--- Publisher: BeyondTrust Corporation
--- Match Case: Yes
--- Perform Match Using: Exact Match
d. Product Description matches:
--- Product Description: BeyondTrust Privilege Management User Mode Utility
--- Match Case: Yes
--- Perform Match Using: Exact Match
e. Trusted Ownership matches
f. Advanced Options: only "Force standard user rights on File Open/Save common dialogs" option is enabled
2. Create a new application group (e.g., AppGroup2) with the following criteria:
a. File or Folder Name matches:
--- File or Folder name: *
--- Perform match using: Regular Expressions
b. Parent Process matches:
--- Parent Process Group: AppGroup1 (name of the group you created above)
c. Advanced Options: only "Force standard user rights on File Open/Save common dialogs" option is enabled
3. Create a new Application Rule
--- Target Application Group: AppGroup2 (name of the second group you created above)
--- Action: Allow Execution
--- End User Message: Off
--- Access Token: Enforce User's Default Rights
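The following PowerShell is an added example and is not part of the advisory or of BeyondTrust's own tooling. It performs two checks a practitioner will want before relying on the policy above: whether the installed build is already 24.1 or later, and whether the shipped PGUserMode binary really carries the Product Name, Publisher and Product Description strings the AppGroup1 criteria expect, compared case-sensitively because the policy uses "Match Case: Yes" and "Exact Match". It assumes the product is registered under the standard Uninstall registry keys with a DisplayName containing "Privilege Management", that the binary lives somewhere under Program Files, and that the policy's "Publisher" criterion corresponds to the Authenticode signer of the file.

```powershell
# Added example (not from the advisory or BeyondTrust): pre-checks for BT24-01.
# Assumptions: product registered under the standard Uninstall keys with a
# DisplayName containing "Privilege Management"; PGUserMode*.exe under Program Files;
# the policy's "Publisher" criterion maps to the file's Authenticode signer.

# 1. Is the installed Privilege Management for Windows build already fixed (24.1 or later)?
$fixed = [version]'24.1'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Privilege Management*' }

if (-not $installed) {
    Write-Warning 'No Privilege Management for Windows installation found in the Uninstall keys.'
}
foreach ($p in $installed) {
    $ver = $null
    if ([version]::TryParse($p.DisplayVersion, [ref]$ver) -and $ver -ge $fixed) {
        '{0} {1}: fixed build, mitigation policy not required' -f $p.DisplayName, $p.DisplayVersion
    } else {
        '{0} {1}: prior to 24.1, apply the mitigation policy or upgrade' -f $p.DisplayName, $p.DisplayVersion
    }
}

# 2. Do the AppGroup1 criteria match the shipped PGUserMode binary?
#    The policy uses "Match Case: Yes" / "Exact Match", so compare with -ceq
#    and trim the padding that VersionInfo strings sometimes carry.
$expected = @{
    ProductName     = 'BeyondTrust Privilege Management'                    # Product Name criterion
    CompanyName     = 'BeyondTrust Corporation'                             # shown alongside the Publisher check
    FileDescription = 'BeyondTrust Privilege Management User Mode Utility'  # Product Description criterion
}
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$binaries = Get-ChildItem -Path $roots -Recurse -Filter '*PGUserMode*.exe' -ErrorAction SilentlyContinue

if (-not $binaries) {
    Write-Warning 'No PGUserMode*.exe found under Program Files; adjust $roots for a non-default install path.'
}
foreach ($bin in $binaries) {
    $vi = $bin.VersionInfo
    "`n$($bin.FullName)"
    foreach ($field in $expected.Keys) {
        $actual = [string]($vi.$field)
        $actual = $actual.Trim()
        $state  = if ($actual -ceq $expected[$field]) { 'MATCH' } else { 'MISMATCH' }
        '  {0,-16} {1,-8} (found: "{2}")' -f $field, $state, $actual
    }
    # "Publisher" in the policy is the signing certificate, so show the signer subject
    # and signature status rather than relying on CompanyName alone.
    $sig = Get-AuthenticodeSignature -FilePath $bin.FullName
    '  {0,-16} {1,-8} (subject: {2})' -f 'Signature', $sig.Status, $sig.SignerCertificate.Subject
}
```

Run it in an elevated PowerShell session on a representative endpoint before pushing the policy; a MISMATCH on any field means the AppGroup1 definition would not match that binary and the Allow Execution rule in step 3 would never apply to its children.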
Affected Versions:
| Product | Version |
|---|---|
| Privilege Management for Windows | Prior to 24.1 |
Fixed Versions:
| Product | Version |
|---|---|
| Privilege Management for Windows | 24.1 |
Acknowledgments:
BeyondTrust would like to thank Andreas Aaris-Larsen of Banshie Cyber Security Services for reporting this vulnerability to us through our secure channel.
