Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS).By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that give them a system-level command prompt. System access on an enterprise endpoint effectively grants control over policy enforcement, credential theft paths, and lateral movement capabilities.Alternatively, attackers can get the privileged process to write arbitrary data to sensitive system files (such as drivers), corrupting them and forcing blue screen of death (BSOD) conditions. This not only knocks machines offline but can require substantial remediation effort, particularly across distributed fleets.Pinto said that updating to JumpCloud Remote Assist for Windows version 0.317.0 or later will remediate this issue. “My team and I responsibly disclosed the vulnerability to JumpCloud, which confirmed the findings and promptly released a patch.” While >NIST‘s National Vulnerability Database (NVD) marks the flaw as fixed and references the JumpCloud Agent release notes for patching, there is currently no note dedicated to the flaw on the page or on JumpCloud’s support site. JumpCloud did not immediately respond to CSO’s request for comments.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4107744/jumpcloud-agent-turns-uninstall-into-a-system-shortcut.html
