Platform
windows
Component
idrive-cloud-backup-client-for-windows
Fixed in
7.0.0.63
CVE-2026-1995 describes a Privilege Escalation vulnerability affecting IDrive Cloud Backup Client for Windows. This flaw allows standard users to execute arbitrary code with SYSTEM privileges by manipulating files within the IDrive application directory. The vulnerability impacts versions 0 through 7.0.0.63, and a fix is available in version 7.0.0.63.
The vulnerability stems from the id_service.exe process, which runs with elevated privileges and reads data from files under C:\ProgramData\IDrive\. Crucially, these files are read as arguments when launching processes, and standard users can modify them. An attacker can overwrite these files to point to a malicious executable, effectively gaining SYSTEM-level control over the affected machine. This allows for complete compromise, including data theft, installation of malware, and persistent backdoor access. The potential blast radius is significant, as SYSTEM privileges grant access to virtually all resources on the system.
This vulnerability was publicly disclosed on 2026-03-24. There is currently no indication of active exploitation campaigns. No Proof of Concept (PoC) code has been publicly released. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation, combined with the potential for SYSTEM-level compromise, suggests a medium probability of exploitation if a PoC is developed and widely disseminated.
Organizations and individuals using IDrive Cloud Backup Client for Windows, particularly those with less stringent access controls on their systems, are at risk. Shared hosting environments where multiple users have access to the same system are especially vulnerable, as a compromised user account could be leveraged to escalate privileges and compromise the entire system.
• windows / supply-chain:
Get-Acl "C:\ProgramData\IDrive\*" | Select-Object Path, Access
• windows / supply-chain:
Get-Process -Name id_service | Select-Object Path, CommandLine
• windows / supply-chain:
# File-access events (ID 4663) are written to the Security log and require object-access auditing on the directory
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } | Where-Object { $_.Message -like '*C:\ProgramData\IDrive\*' }
• windows / supply-chain: Check Autoruns for suspicious entries related to id_service.exe or files in C:\ProgramData\IDrive\.
• windows / supply-chain: Monitor Windows Defender for alerts related to process creation or file modification within the C:\ProgramData\IDrive\ directory.
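The Get-Acl check above only lists ACLs. The following added example (not code from IDrive or from the advisory) filters them down to entries that let standard users write under the directory, which is the condition the vulnerability depends on. The list of SIDs treated as "standard users" and the write-rights mask are assumptions of this example.

```powershell
# Added example: report Allow ACEs that give broad, non-admin groups write access under the IDrive data directory.
param([string]$Root = 'C:\ProgramData\IDrive')   # directory named in the advisory

# Assumption: these well-known SIDs stand in for "standard users" (SIDs are locale-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing a file's content, replacing it, or rewriting its ACL.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, seen in inherit-only ACEs

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Warning "$Root not found; IDrive client data directory is not present."
    return
}

$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    # Translate identities to SIDs so the match does not depend on the display language.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band [int]$writeMask) -or ($raw -band $genericWriteOrAll)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Deny ACEs are not evaluated, so treat each row as a lead to verify rather than as effective access.
$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed groups holds a write-capable Allow entry; it does not cover accounts or groups outside that list.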
Exploit status
EPSS
0.01% (0% percentile)
The primary mitigation is to upgrade to IDrive Cloud Backup Client for Windows version 7.0.0.63 or later, which addresses the file manipulation vulnerability. If immediate upgrading is not possible, consider restricting write access to the C:\ProgramData\IDrive\ directory to only the id_service.exe process. While less effective, this can limit the attacker's ability to modify the files. Monitor the directory for unexpected file modifications. Implement robust endpoint detection and response (EDR) solutions to detect and block suspicious process execution.
Update IDrive Cloud Backup Client for Windows to version 7.0.0.63 or later. This update fixes the privilege escalation vulnerability by correctly validating configuration file input.
CVE-2026-1995 is a vulnerability in IDrive Cloud Backup Client for Windows allowing standard users to execute code with SYSTEM privileges by modifying files in the application directory.
If you are using IDrive Cloud Backup Client for Windows versions 0 through 7.0.0.63, you are potentially affected by this vulnerability.
Upgrade to IDrive Cloud Backup Client for Windows version 7.0.0.63 or later to mitigate this vulnerability. Restrict access to the C:\ProgramData\IDrive\ directory as a temporary workaround.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1995, but the vulnerability's ease of exploitation warrants caution.
Please refer to the official IDrive security advisory for detailed information and updates regarding CVE-2026-1995.