Situation
A vulnerability has been detected in Panda AdminSecure communications infrastructure that affects Panda Security for Business and Panda Security for Enterprise products.
The vulnerability has been located in the Panda Agent process (Pagent.exe).
Symptom
When exploited, this vulnerability could allow an attacker to execute remote code. Hackers do not need specific user permissions to exploit this vulnerability.
Solution
Hotfix HAS_4_50_00_0032.exe has been developed to resolve this situation in Panda AdminSecure Communications Agent component.
In order to solve the issue, upgrade to the latest version of AdminSecure and apply the specific hotfix developed for the incident.
- How to upgrade to AdminSecure 4.50.00 version
- Click this link to learn how to upgrade your AdminSecure version.
- Update the protection affected by the incident. For more information, go to How can I update the protection of my IT resources once I have upgraded AdminSecure? (only applies to AdminSecure).
- How to apply hotfix HAS_4_50_00_0032.exe
- Download hotfix HAS_4_50_00_0032.exe (33,7 MB) in all the machines that run a Primary Repository.
md5: 47dedf4561f0d8c6abd552818e703aee - Save the file to a temporally folder in the hard disk.
- Run the downloaded file. To do this, double-click the HAS_4_50_00_0032.exe file to apply the hotfix. It will include the fix in the available updates within the repository.
- The repository will update the rest of the communications infrastructure.
Our thanks to Andrea Micalizzi (aka rgod) and HP's Zero Day Initiative for responsibly disclosing this vulnerability.