Platform: windows
Component: idrive-cloud-backup-client-for-windows
Fixed in: 7.0.0.63
CVE-2026-1995 describes a Privilege Escalation vulnerability affecting IDrive Cloud Backup Client for Windows. This flaw allows standard users to execute arbitrary code with SYSTEM privileges by manipulating files within the IDrive application directory. The vulnerability impacts versions 0 through 7.0.0.63, and a fix is available in version 7.0.0.63.
The impact of CVE-2026-1995 is severe. An attacker with local access to a system running the vulnerable IDrive client can exploit this vulnerability to gain complete control over the system. By overwriting specific files under C:\ProgramData\IDrive\, an attacker can inject and execute malicious code with the privileges of the id_service.exe process, which runs as SYSTEM. This allows for arbitrary command execution, data theft, malware installation, and potentially, lateral movement within the network. The ease of exploitation, requiring only local access and file modification capabilities, significantly broadens the potential attack surface.
CVE-2026-1995 was publicly disclosed on 2026-03-24. Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog. The vulnerability's relatively straightforward exploitation pattern suggests a moderate risk of future exploitation, particularly if a readily available proof-of-concept is released.
Organizations and individuals using IDrive Cloud Backup Client for Windows, particularly those with less stringent access controls on their systems, are at risk. Shared hosting environments where multiple users have access to the same system are especially vulnerable, as a compromised user account could be leveraged to escalate privileges and compromise the entire system.
• windows / supply-chain:
Get-Acl "C:\ProgramData\IDrive\*" | Select-Object Path, Access
• windows / supply-chain:
Get-CimInstance Win32_Process -Filter "Name='id_service.exe'" | Select-Object ExecutablePath, CommandLine
• windows / supply-chain:
# Requires object-access auditing (a SACL) on the directory; event 4663 records access attempts in the Security log.
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} | Where-Object { $_.Message -like '*C:\ProgramData\IDrive\*' }
• windows / supply-chain: Check Autoruns for suspicious entries related to id_service.exe or files in C:\ProgramData\IDrive\.
• windows / supply-chain: Monitor Windows Defender for alerts related to process creation or file modification within the C:\ProgramData\IDrive\ directory.
disclosure
Exploit status
EPSS: 0.01% (percentile 0%)
The primary mitigation for CVE-2026-1995 is to immediately upgrade the IDrive Cloud Backup Client for Windows to version 7.0.0.63 or later. Prior to upgrading, consider backing up critical data as an extra precaution. If upgrading is not immediately feasible, restrict access to the C:\ProgramData\IDrive\ directory to prevent unauthorized modifications. Implement file integrity monitoring to detect any unexpected changes to these files. While a WAF is unlikely to be effective, consider implementing stricter access controls and auditing on the system to detect suspicious activity. After upgrading, verify the fix by attempting to modify the files in C:\ProgramData\IDrive\ and confirming that the id_service.exe process no longer executes the modified code.
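One way to check the directory permissions that the temporary workaround depends on, as an added example that is not from IDrive or the original advisory: the script lists allow ACEs under C:\ProgramData\IDrive\ that give broad non-administrative groups write, delete or permission-change rights. The list of SIDs treated as low-privileged and the rights mask are assumptions to adjust for your environment.

```powershell
# Added example (not IDrive's code): report ACEs under the IDrive data
# directory that let low-privileged principals tamper with files.
param(
    [string]$Root = 'C:\ProgramData\IDrive'   # directory named in the advisory
)

# Assumption: well-known SIDs of broad, non-administrative groups.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-4',       # INTERACTIVE
    'S-1-5-32-545'   # BUILTIN\Users
)

# Rights that allow replacing a file, deleting it, or rewriting its ACL.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs may carry raw GENERIC_ALL / GENERIC_WRITE bits instead.
$Mask = [int]$WriteRights -bor 0x10000000 -bor 0x40000000

if (-not (Test-Path -LiteralPath $Root)) {
    Write-Warning "$Root not found; the IDrive client may not be installed."
    return
}

$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = @(foreach ($item in $items) {
    try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

    # Resolve identities to SIDs so the match is independent of OS language.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
})

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
"{0} writable ACE(s) for low-privileged principals under {1}" -f $findings.Count, $Root
```

The report covers allow entries only, so a matching deny ACE can still block a listed right; run it from an elevated prompt so every ACL is readable.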
Upgrade IDrive Cloud Backup Client for Windows to version 7.0.0.63 or later. This update fixes the privilege escalation vulnerability by correctly validating input from configuration files.
CVE-2026-1995 is a vulnerability in IDrive Cloud Backup Client for Windows allowing standard users to execute code with SYSTEM privileges by modifying files in the application directory.
If you are using IDrive Cloud Backup Client for Windows versions 0 through 7.0.0.63, you are potentially affected by this vulnerability.
Upgrade to IDrive Cloud Backup Client for Windows version 7.0.0.63 or later to mitigate this vulnerability. Restrict access to the C:\ProgramData\IDrive\ directory as a temporary workaround.
As of now, there are no confirmed reports of active exploitation of CVE-2026-1995, but the vulnerability's ease of exploitation warrants caution.
Please refer to the official IDrive security advisory for detailed information and updates regarding CVE-2026-1995.