Platform: windows
Component: webroot-antivirus
Fixed in: 9.0.35.17
CVE-2023-7241 is a privilege escalation vulnerability affecting Webroot Antivirus versions 8.0.10 through 9.0.35.12. This flaw allows malicious software to exploit WRSA.EXE, a core component of the antivirus software, to delete arbitrary and protected files on Windows systems. The vulnerability has been resolved in version 9.0.35.17, and users are strongly advised to upgrade.
The impact of CVE-2023-7241 is significant due to its potential for privilege escalation and data loss. An attacker who successfully exploits this vulnerability can leverage WRSA.EXE to delete critical system files, application data, or even security logs, effectively crippling the system or masking their malicious activity. This could lead to complete system compromise, data exfiltration, or denial of service. The ability to delete protected files bypasses standard security controls, making this a particularly dangerous vulnerability. The scope of impact extends to any system running the affected versions of Webroot Antivirus.
CVE-2023-7241 was publicly disclosed on May 1, 2024. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released, but the ease of exploitation (due to the ability to delete protected files) suggests that a PoC could emerge relatively quickly. The vulnerability has been added to the CISA KEV catalog, indicating a potential risk to federal executive branch agencies.
Organizations using Webroot Antivirus in environments with sensitive data or critical infrastructure are particularly at risk. Systems with legacy configurations or those that haven't been regularly patched are also more vulnerable. Shared hosting environments where multiple users share the same server could potentially be affected if one user's compromised account exploits this vulnerability.
• windows / supply-chain:

```powershell
# Show the on-disk path of the running WRSA.EXE process
Get-Process -Name WRSA | Select-Object -ExpandProperty Path
```

• windows / supply-chain:

```powershell
# Get-WinEvent has no -Filter parameter; the same criteria go in -FilterHashtable
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Webroot'; Id = 1001 }
```

• windows / supply-chain: Check Autoruns for unusual entries related to WRSA.EXE or Webroot Antivirus.
• windows / supply-chain: Use Sysinternals Process Monitor to monitor WRSA.EXE's file system activity.
EPSS: 0.05% (15th percentile)
The primary mitigation for CVE-2023-7241 is to upgrade Webroot Antivirus to version 9.0.35.17 or later. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider temporarily restricting the permissions of WRSA.EXE to limit its ability to delete files. While not a complete solution, this can reduce the potential impact of exploitation. Monitor system logs for any unusual activity related to WRSA.EXE, particularly file deletion events. After upgrading, confirm the fix by attempting to trigger the vulnerability using a known exploit technique (if available) or by verifying that WRSA.EXE no longer has the ability to delete protected files.
Update Webroot Antivirus to the latest available version. See the vendor's website for the most recent version and the upgrade instructions. This mitigates the privilege escalation vulnerability.
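To check a host against the version ranges stated on this page, the following added example (not code from Webroot or from the original page) classifies the WRSA.EXE build it finds. It assumes the file version of WRSA.EXE tracks the product version; the function names `Get-WebrootCveStatus` and `Test-WebrootHost` are hypothetical.

```powershell
# Added example. Version boundaries are the ones stated on this page.
function Get-WebrootCveStatus {
    param([Parameter(Mandatory)][version]$Version)
    $firstAffected = [version]'8.0.10'
    $lastAffected  = [version]'9.0.35.12'
    $fixed         = [version]'9.0.35.17'

    if ($Version -ge $fixed) { return 'Fixed' }
    if ($Version -ge $firstAffected -and $Version -le $lastAffected) { return 'Affected' }
    # Builds after 9.0.35.12 but before 9.0.35.17 are not listed as affected,
    # yet they predate the fixed release, so flag them for upgrade as well.
    if ($Version -gt $lastAffected) { return 'BelowFixedBuild' }
    return 'OlderThanAffectedRange'
}

function Test-WebrootHost {
    param([string]$Path)   # optional: explicit path to WRSA.exe
    if (-not $Path) {
        # Path can be empty when the caller lacks rights to query the process
        $Path = Get-Process -Name WRSA -ErrorAction SilentlyContinue |
            Where-Object Path | Select-Object -ExpandProperty Path -First 1
    }
    if (-not $Path) {
        Write-Warning 'WRSA.exe not running or path not readable; run elevated or pass -Path.'
        return
    }
    # Use the numeric parts; the FileVersion string may carry extra text
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    $v  = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                         $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path    = $Path
        Version = $v
        Status  = (Get-WebrootCveStatus -Version $v)
    }
}

# Constructed sample versions showing each classification
'8.0.9.1', '8.0.10.0', '9.0.35.12', '9.0.35.14', '9.0.35.17' | ForEach-Object {
    [pscustomobject]@{ Version = $_; Status = (Get-WebrootCveStatus -Version $_) }
}

# Check the local host
Test-WebrootHost
```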
CVE-2023-7241 is a vulnerability in Webroot Antivirus versions 8.0.10–9.0.35.12 that allows malicious software to delete protected files, potentially leading to system compromise.
You are affected if you are running Webroot Antivirus versions 8.0.10 through 9.0.35.12. Check your version and upgrade immediately.
Upgrade to Webroot Antivirus version 9.0.35.17 or later to resolve this vulnerability. Consider temporary permission restrictions if an immediate upgrade is not possible.
Currently, there is no confirmed active exploitation, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Webroot security advisory for detailed information and updates: [https://www.webroot.com/us/en/resources/alerts/2024/05/23-001.html](https://www.webroot.com/us/en/resources/alerts/2024/05/23-001.html)