By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that give them a system-level command prompt. System access on an enterprise endpoint effectively grants control over policy enforcement, credential theft paths, and lateral movement capabilities.
Alternatively, attackers can get the privileged process to write arbitrary data to sensitive system files (such as drivers), corrupting them and forcing blue screen of death (BSOD) conditions. This not only knocks machines offline but can require substantial remediation effort, particularly across distributed fleets.
Pinto said that updating to JumpCloud Remote Assist for Windows version 0.317.0 or later will remediate this issue. “My team and I responsibly disclosed the vulnerability to JumpCloud, which confirmed the findings and promptly released a patch.” While NIST’s National Vulnerability Database (NVD) marks the flaw as fixed and references the JumpCloud Agent release notes for patching, there’s currently no note dedicated to the flaw on the page or on JumpCloud’s support site. JumpCloud didn’t immediately respond to CSO’s request for comment.

