CVE-2025-64695
LogStare · LogStare Collector (for Windows)
Executive summary
A high-severity vulnerability exists in the installer for LogStare Collector for Windows. This flaw, known as an uncontrolled search path element, could allow an attacker who places a malicious file on the system to execute arbitrary code during the installation process, potentially leading to a full system compromise. Organizations should prioritize updating their installer packages immediately to prevent unauthorized access and system takeover.
Vulnerability
The vulnerability is an uncontrolled search path element, commonly known as a DLL hijacking or binary planting flaw, within the product's installer. When the installer is executed, it attempts to load required libraries (DLLs) without specifying a fully qualified path. This forces the operating system to search for these files in a predefined order of locations, which may include the directory from which the installer is being run. An attacker can exploit this by placing a specially crafted malicious DLL with the same name as a legitimate one in a location that is searched before the legitimate file's directory. When the user runs the installer, it inadvertently loads and executes the attacker's malicious DLL, granting the attacker code execution with the same privileges as the user running the installer, which is often an administrator.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.8. Successful exploitation could lead to a complete compromise of the system where the installation is performed. Potential consequences include the deployment of ransomware, theft of sensitive corporate or personal data, installation of persistent backdoors for long-term access, and using the compromised system as a pivot point to attack other systems within the network. This poses a significant risk to data confidentiality, integrity, and system availability, potentially leading to operational disruptions, financial loss, and reputational damage.
Remediation
Immediate Action: Apply vendor security updates immediately. Ensure that you are using the latest, patched version of the installer for all new deployments or updates of LogStare Collector. Discard all older, vulnerable versions of the installer.
Proactive Monitoring: Monitor systems for signs of exploitation. This includes reviewing security logs for suspicious file creation events in common user directories (e.g., Downloads, Temp folders) immediately before the installer process is launched. Use endpoint detection and response (EDR) tools to monitor for installer processes (e.g., setup.exe, msiexec.exe) loading DLLs from non-standard or user-writable locations.
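The EDR check described above, written as an added example that is not part of this advisory or the vendor's tooling: it walks Sysmon Event ID 7 (ImageLoaded) records and flags installer processes that load a DLL from a user-writable directory. The installer names, the writable-directory list and every sample event are assumptions constructed for the example.

```python
# Added example, not from the advisory: walk Sysmon Event ID 7 (ImageLoaded)
# records and flag installer processes that load a DLL from a user-writable
# directory. Field names follow Sysmon's schema; all sample events are constructed.
import re
from pathlib import PureWindowsPath

# Installer names named in the advisory, plus a generic *setup*/*install* match.
INSTALLER_NAMES = {"setup.exe", "msiexec.exe"}
INSTALLER_PATTERN = re.compile(r"setup|install", re.IGNORECASE)

# Directories a standard user can write to (assumes a default Windows layout).
USER_WRITABLE = [re.compile(p, re.IGNORECASE) for p in (
    r"^[a-z]:\\users\\[^\\]+\\downloads\\",
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\",
    r"^[a-z]:\\windows\\temp\\",
    r"^[a-z]:\\programdata\\",
)]

def is_installer(image):
    name = PureWindowsPath(image).name.lower()
    return name in INSTALLER_NAMES or INSTALLER_PATTERN.search(name) is not None

def from_user_writable(path):
    return any(p.match(path) for p in USER_WRITABLE)

def flag_dll_loads(events):
    """Return the ID 7 events where an installer loaded a DLL from a writable dir."""
    return [ev for ev in events
            if ev.get("EventID") == 7
            and is_installer(ev["Image"])
            and from_user_writable(ev["ImageLoaded"])]

# Constructed sample events (Sysmon ID 7 fields); none are real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\version.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Windows\System32\msiexec.exe",
     "ImageLoaded": r"C:\Windows\Temp\example.dll", "Signed": "false"},
    {"EventID": 7, "Image": r"C:\Program Files\Example\app.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\example.dll", "Signed": "true"},
    {"EventID": 1, "Image": r"C:\Users\alice\Downloads\setup.exe", "ImageLoaded": ""},
]

if __name__ == "__main__":
    for hit in flag_dll_loads(SAMPLE_EVENTS):
        print(f"ALERT {hit['Image']} loaded {hit['ImageLoaded']} signed={hit['Signed']}")
```

Only the second and third sample events are flagged: a system DLL loaded from System32 and a non-installer process loading from Temp are left alone, which keeps the rule focused on the installer-plus-writable-directory pattern rather than on every DLL load.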
Compensating Controls: If patching the installer is not immediately feasible, implement the following controls to mitigate risk:
- User Training: Instruct users and administrators to only run installers from trusted, read-only network locations or directly from the vendor's official website.
- Application Control: Use application whitelisting solutions (e.g., AppLocker, Windows Defender Application Control) to restrict the execution of unauthorized DLLs.
- Directory Permissions: Enforce strict permissions on download folders and temporary directories to prevent unprivileged users or processes from writing malicious files.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the High severity rating (CVSS 7.8) and the potential for complete system compromise, immediate action is required. Although this vulnerability is not currently listed on the CISA KEV list and lacks a public exploit, its simplicity makes it an attractive target. We strongly recommend that organizations prioritize obtaining the patched installer from the vendor and replacing all existing copies. Furthermore, implementing the suggested compensating controls, such as application whitelisting and user education on safe installer execution practices, will provide layered defense against this and similar threats.