Endpoint Security 8.4.1 Security Statement

Elastic Endpoint Security Local Privilege Escalation issue (ESA-2022-14)

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Affected Versions:

Version 8.4.0

Solutions and Mitigations:

The issue is fixed in version 8.4.1 of the Elastic Endpoint.

This feature is disabled by default, and can only be enabled through the windows.advanced.alerts.rollback.self_healing.enabled advanced policy option, which is only available to Platinum and Enterprise users. If the feature is not enabled, no action is required. If the feature is enabled and you are unable to upgrade, please disable it by clearing the configuration field to restore its default-disabled behavior.
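The mitigation above turns on two facts: the option's effective value (a cleared field means default-disabled) and the Endpoint version on each host. The following triage helper is an added example, not part of this advisory or of Elastic's own tooling. It assumes package-policy and agent records in the shape Kibana's Fleet API returns (the Endpoint advanced settings under inputs[].config.policy.value, and each agent's os.platform and elastic.agent.version under local_metadata), that the installed Endpoint version matches the Agent version, and that advanced-option values arrive as strings when entered in the policy UI; the sample records are constructed.

```python
"""Triage helper for ESA-2022-14: which Windows agents are on the affected
Endpoint version AND enrolled in a policy with
windows.advanced.alerts.rollback.self_healing.enabled set?

Assumptions (not from the advisory): record shapes modelled on Kibana's Fleet
API responses for package policies and agents; Endpoint version == Agent version.
"""
import json

AFFECTED_VERSIONS = {"8.4.0"}
OPTION_PATH = ("windows", "advanced", "alerts", "rollback", "self_healing", "enabled")


def _dig(node, path):
    """Walk a nested dict along path; return None if any key is missing."""
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def rollback_self_healing_enabled(package_policy):
    """True only when the option is present and set to an enabling value.

    The advisory's mitigation is to clear the field, so a missing or empty
    value is default-disabled. Strings are compared case-insensitively because
    advanced options typed into the policy UI are stored as strings (assumption).
    """
    for inp in package_policy.get("inputs", []):
        if inp.get("type") != "endpoint":
            continue
        value = _dig(_dig(inp, ("config", "policy", "value")), OPTION_PATH)
        if value is None:
            continue
        if isinstance(value, bool):
            return value
        return str(value).strip().lower() == "true"
    return False


def exposed_agents(package_policies, agents):
    """Return (agent_id, version, package_policy_name) for each Windows agent
    on an affected version whose agent policy has the option enabled."""
    enabled_by_agent_policy = {}
    for pp in package_policies:
        if _dig(pp, ("package", "name")) != "endpoint":
            continue
        if rollback_self_healing_enabled(pp):
            enabled_by_agent_policy[pp["policy_id"]] = pp.get("name", pp.get("id"))

    findings = []
    for agent in agents:
        meta = agent.get("local_metadata", {})
        platform = _dig(meta, ("os", "platform"))
        version = _dig(meta, ("elastic", "agent", "version"))
        policy_name = enabled_by_agent_policy.get(agent.get("policy_id"))
        if platform == "windows" and version in AFFECTED_VERSIONS and policy_name:
            findings.append((agent["id"], version, policy_name))
    return findings


def _endpoint_policy(pid, name, agent_policy, enabled_value):
    """Build a constructed package-policy record with the option set to enabled_value."""
    return {
        "id": pid, "name": name, "policy_id": agent_policy,
        "package": {"name": "endpoint"},
        "inputs": [{"type": "endpoint", "config": {"policy": {"value": {
            "windows": {"advanced": {"alerts": {"rollback": {
                "self_healing": {"enabled": enabled_value}}}}}}}}}],
    }


def _agent(aid, agent_policy, platform, version):
    """Build a constructed Fleet agent record."""
    return {"id": aid, "policy_id": agent_policy,
            "local_metadata": {"os": {"platform": platform},
                               "elastic": {"agent": {"version": version}}}}


# Constructed sample data: one policy with the option enabled, one with the field cleared.
SAMPLE_PACKAGE_POLICIES = [
    _endpoint_policy("pp-1", "Workstations - Endpoint", "agent-policy-ws", "true"),
    _endpoint_policy("pp-2", "Servers - Endpoint", "agent-policy-srv", ""),
]
SAMPLE_AGENTS = [
    _agent("a1", "agent-policy-ws", "windows", "8.4.0"),   # affected + enabled -> exposed
    _agent("a2", "agent-policy-ws", "windows", "8.4.1"),   # fixed version
    _agent("a3", "agent-policy-srv", "windows", "8.4.0"),  # field cleared -> default-disabled
    _agent("a4", "agent-policy-ws", "linux", "8.4.0"),     # issue is Windows-only
]

if __name__ == "__main__":
    print(json.dumps(exposed_agents(SAMPLE_PACKAGE_POLICIES, SAMPLE_AGENTS), indent=2))
```

In practice the two input lists come from GET /api/fleet/package_policies and GET /api/fleet/agents; any agent reported here should be upgraded to 8.4.1 or have the option cleared in its policy.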

CVSSv3: 7.0 (High) - AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID: CVE-2022-38775