Platform: windows
Component: webroot-antivirus
Fixed in: 9.0.35.17
CVE-2023-7241 is a privilege escalation vulnerability affecting Webroot Antivirus versions 8.0.10 through 9.0.35.12. This flaw allows malicious software to exploit WRSA.EXE, a core component of the antivirus software, to delete arbitrary and protected files on Windows systems. The vulnerability has been resolved in version 9.0.35.17, and users are strongly advised to upgrade.
The impact of CVE-2023-7241 is significant due to its potential for privilege escalation and data loss. An attacker who successfully exploits this vulnerability can leverage WRSA.EXE to delete critical system files, application data, or even security logs, effectively crippling the system or masking their malicious activity. This could lead to complete system compromise, data exfiltration, or denial of service. The ability to delete protected files bypasses standard security controls, making this a particularly dangerous vulnerability. The scope of impact extends to any system running the affected versions of Webroot Antivirus.
CVE-2023-7241 was publicly disclosed on May 1, 2024. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released, but the ease of exploitation (due to the ability to delete protected files) suggests that a PoC could emerge relatively quickly. The vulnerability has been added to the CISA KEV catalog, indicating a potential risk to federal executive branch agencies.
EPSS: 0.05% (15th percentile)
The primary mitigation for CVE-2023-7241 is to upgrade Webroot Antivirus to version 9.0.35.17 or later. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider temporarily restricting the permissions of WRSA.EXE to limit its ability to delete files. While not a complete solution, this can reduce the potential impact of exploitation. Monitor system logs for any unusual activity related to WRSA.EXE, particularly file deletion events. After upgrading, confirm the fix by attempting to trigger the vulnerability using a known exploit technique (if available) or by verifying that WRSA.EXE no longer has the ability to delete protected files.
Update Webroot Antivirus to the latest available version. Consult the vendor's website for the most recent version and update instructions. This mitigates the privilege escalation vulnerability.
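As an added example (not Webroot's code and not part of the original page), the script below triages a fleet inventory against the version range stated above. The `host,version` CSV layout, the host names and the sample versions are constructed. Builds the advisory does not describe (before 8.0.10, or between 9.0.35.12 and 9.0.35.17) are reported as `unlisted` rather than guessed.

```python
import csv
import io
import re

# Range boundaries as stated in the advisory text above.
FIRST_AFFECTED = (8, 0, 10, 0)
LAST_AFFECTED = (9, 0, 35, 12)
FIXED = (9, 0, 35, 17)

# Constructed sample inventory (assumed "host,version" CSV export).
SAMPLE = """host,version
ws-001,9.0.35.12
ws-002,9.0.35.17
ws-003,9.0.35.9
ws-004,9.0.35.14
ws-005,8.0.10
ws-006,unknown
"""

def parse_version(text):
    """Turn '9.0.35.12' into (9, 0, 35, 12); raise ValueError otherwise."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){1,3}", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    # Pad to four fields so 8.0.10 compares as 8.0.10.0.
    return tuple(parts + [0] * (4 - len(parts)))

def classify(text):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed'."""
    try:
        v = parse_version(text)
    except ValueError:
        return "unparsed"
    if v >= FIXED:
        return "fixed"
    # Numeric tuple comparison: 9.0.35.9 sorts before 9.0.35.12,
    # which a plain string comparison would get wrong.
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return "affected"
    return "unlisted"  # outside both ranges the advisory states

def triage(inventory_csv):
    """Map each status to the sorted host names that fall into it."""
    result = {"affected": [], "fixed": [], "unlisted": [], "unparsed": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["version"] or "")].append(row["host"])
    return {status: sorted(hosts) for status, hosts in result.items()}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unlisted` and `unparsed` buckets need a manual check; treating them as safe would hide installations the range comparison could not place.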
CVE-2023-7241 is a vulnerability in Webroot Antivirus versions 8.0.10–9.0.35.12 that allows malicious software to delete protected files, potentially leading to system compromise.
You are affected if you are running Webroot Antivirus versions 8.0.10 through 9.0.35.12. Check your version and upgrade immediately.
Upgrade to Webroot Antivirus version 9.0.35.17 or later to resolve this vulnerability. Consider temporary permission restrictions if an immediate upgrade is not possible.
Currently, there is no confirmed active exploitation, but the vulnerability's nature suggests a potential for exploitation.
Refer to the official Webroot security advisory for detailed information and updates: [https://www.webroot.com/us/en/resources/alerts/2024/05/23-001.html](https://www.webroot.com/us/en/resources/alerts/2024/05/23-001.html)