A critical vulnerability has been identified in multiple In DriveLock products, rated with a CVSS score of 9.9. This flaw allows an attacker to gain elevated privileges, potentially leading to a complete compromise of the affected system. Due to the severity of this vulnerability, immediate action is required to apply security updates and prevent potential exploitation.

The vulnerability is a privilege escalation flaw within the DriveLock software. An attacker with low-level user access on a system where an affected version of DriveLock is installed can exploit this weakness to gain administrative or SYSTEM-level privileges. The exploit likely involves manipulating a component of the DriveLock agent that runs with high permissions, allowing the attacker to execute arbitrary code or commands in a privileged context, thereby bypassing all security controls on the endpoint.

This vulnerability is of critical severity with a CVSS score of 9.9. Successful exploitation would grant an attacker complete control over the affected endpoint. This could lead to severe business consequences, including the theft of sensitive corporate data, deployment of ransomware, installation of persistent backdoors, and the ability to move laterally across the network to compromise additional assets. Since DriveLock is a security product, its compromise fundamentally undermines the organization's security posture, turning a protective agent into a threat vector.

Immediate Action: Immediately apply the vendor-supplied security updates to all affected systems. Upgrade In DriveLock installations to the following patched versions or later:

• Version 24.1.5
• Version 24.2.6
• Version 25.1.4 After patching, monitor systems for any signs of post-exploitation activity and review security and system logs for indicators of compromise that may have occurred prior to the update.

Proactive Monitoring: Implement enhanced monitoring focused on the behavior of DriveLock services and processes. Look for anomalous activity such as unexpected child processes being spawned by DriveLock services, unusual file modifications in system directories, or unauthorized changes to the Windows Registry. Security teams should review endpoint detection and response (EDR) alerts and system event logs for any failed or successful privilege escalation attempts originating from non-administrative user accounts.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk of exploitation. These include:

• Restricting local user accounts to the absolute minimum necessary permissions.
• Utilizing application whitelisting to prevent the execution of unauthorized tools that could be used to trigger the vulnerability.
• Ensuring that EDR solutions are in place and configured to detect and block suspicious process behavior associated with privilege escalation techniques.

Public Exploit Available: false

Given the critical CVSS score of 9.9, this vulnerability represents an immediate and severe risk to the organization. The potential for a full system compromise necessitates that this vulnerability be treated as a top priority. We strongly recommend that all affected In DriveLock installations are patched immediately, following the vendor's guidance. Although this CVE is not currently listed on the CISA KEV catalog, its high severity makes it a prime candidate for future inclusion and a likely target for opportunistic and sophisticated threat actors.