A vulnerability in the Panda 2016 products that allows the execution of code with elevated permissions has been detected in Small Business Protection and Panda 2016 products. The PSEvents.exe process is periodically run with elevated permissions and has dependencies of libraries located both in the default directory as well as in other system libraries. As the USERS group has Write permissions over the folder where the PSEvent.exe process is run and because the system first looks for libraries run by this process in the execution folder, it may be possible to create a malicious library in the execution folder that will replace one of the libraries installed in other folders. Therefore, a user could run malicious code with SYSTEM privileges.
To solve the local privilege escalation issue, Panda Security has developed a hotfix for the affected products.
How to apply the hotfix
Follow the steps below to apply the solution:
- Download the hotfix by clicking the Download button:
- Run the hotfix on the computer and verify that the folder %ProgramData%\Panda Security\Panda Devices Agent\Downloads has Read only permissions for the USERS group.
Panda Security would like to thank Security-Assessment.com and the researcher investigador Ashraf Alharbi for their continous efforts in improving security.