A high-severity vulnerability exists within the Deep Instinct Agent for Windows that allows a local attacker to escalate their privileges. An authenticated user with basic access can exploit this flaw to gain full administrative (SYSTEM) control over the affected machine, completely bypassing security controls and enabling further malicious activities such as data theft or malware deployment.

This is a local privilege escalation vulnerability resulting from a race condition. An authenticated, low-privileged attacker can win a race condition during the agent's folder creation process. By creating a symbolic link in the target location before the agent's privileged process creates the folder, the attacker can trick the agent into writing or modifying files in arbitrary, protected locations on the system, leading to code execution with SYSTEM-level privileges.

This vulnerability carries a High severity rating with a CVSS score of 7.8. Successful exploitation allows an attacker who has already gained initial, low-level access to a workstation or server to become a full administrator. This would allow them to disable security controls (including the Deep Instinct agent itself), install persistent malware like ransomware or spyware, steal sensitive company data, and use the compromised machine as a pivot point to attack other systems on the corporate network.

Immediate Action: Apply vendor security updates immediately. Administrators should update the Deep Instinct Agent to version 2.4 or later to mitigate this vulnerability. After patching, monitor for any signs of post-exploitation activity and review system and security logs for unusual behavior preceding the patch deployment.

Proactive Monitoring: Monitor for suspicious file system activity, specifically the creation of symbolic links in directories used by security products. Security teams should also monitor Windows Event Logs for unexpected processes being launched with SYSTEM privileges and for security audit failures related to file and object access.

Compensating Controls: If patching is not immediately possible, enforce the principle of least privilege to limit user account capabilities. Implement robust application whitelisting to prevent unauthorized executables from running. Deploy an Endpoint Detection and Response (EDR) solution capable of detecting and blocking suspicious process behaviors associated with privilege escalation techniques.

Public Exploit Available: true

Given the high CVSS score and the public availability of exploit code, it is strongly recommended that all organizations running affected versions of the Deep Instinct Agent prioritize the deployment of the vendor-supplied patch immediately. A vulnerability in a security product itself presents a critical risk, as it undermines the trust and effectiveness of a key defensive layer. This flaw should be treated as a high-priority item in your vulnerability management program.