CVE-2026-0828

Safetica · Endpoint Client

A vulnerability in the Safetica Endpoint Client's ProcessMonitorDriver kernel driver may allow for unauthorized local privilege escalation.

Executive summary

A high-severity flaw within the Safetica Endpoint Client kernel driver could allow a local attacker to escalate privileges on affected systems.

Vulnerability

The vulnerability resides in the ProcessMonitorDriver, where insufficient input validation allows an authenticated local attacker to execute arbitrary code with elevated kernel-level permissions.

Business impact

Successful exploitation allows an attacker to gain full control over the host machine, bypassing endpoint protection mechanisms and potentially exfiltrating sensitive data. The CVSS score of 7.5 highlights the significant impact this could have on the confidentiality and integrity of protected endpoints.

Remediation

Immediate Action: Deploy the latest security patch from Safetica to update the affected kernel driver across all managed endpoints.

Proactive Monitoring: Monitor system logs for suspicious kernel-mode activity or unexpected driver loading events that deviate from established baselines.

Compensating Controls: Implement strict Application Control policies to limit the execution of unauthorized binaries that could be used to trigger the driver vulnerability.
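The "Proactive Monitoring" recommendation above can be turned into a concrete check. The following PowerShell script is an added example, not part of the advisory and not Safetica's own tooling: it collects recent driver-load events from two sources that exist on standard Windows hosts (Sysmon Event ID 6 "Driver loaded" where Sysmon is installed, and the System log's Event ID 7045 service-installation record, filtered to driver service types) and reports any image path that is not in a known-good baseline. The baseline entries, the 24-hour window and the elevated execution context are assumptions; populate the baseline from a trusted host in your own estate.

```powershell
# Added example (not from the Safetica advisory): list recent driver-load events on a
# Windows host and flag any image path that is not in a known-good baseline.
# Assumptions: run elevated; Sysmon may or may not be installed, so the System log's
# service-installation event (ID 7045) is queried as well. Baseline entries are
# illustrative placeholders, not a vendor-supplied list.

param(
    [int]$Hours = 24
)

# Illustrative baseline of expected driver image paths (assumption: exported from a
# known-good host; extend it with the drivers your endpoints legitimately load).
$Baseline = @(
    'C:\Windows\System32\drivers\ndis.sys',
    'C:\Windows\System32\drivers\tcpip.sys'
)

$Since    = (Get-Date).AddHours(-$Hours)
$Findings = @()

# Helper: pull the EventData fields of an event record into a hashtable keyed by Data Name,
# which is more robust than relying on positional Properties[] indexes.
function Get-EventDataMap {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $map = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) {
        $map[$d.Name] = $d.'#text'
    }
    return $map
}

# 1) Sysmon Event ID 6 ("Driver loaded") carries ImageLoaded plus signature details.
try {
    $sysmon = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 6
        StartTime = $Since
    } -ErrorAction Stop
    foreach ($e in $sysmon) {
        $d = Get-EventDataMap $e
        $Findings += [pscustomobject]@{
            Time       = $e.TimeCreated
            Source     = 'Sysmon/6'
            Image      = $d['ImageLoaded']
            Signed     = $d['Signed']
            Signature  = $d['Signature']
            InBaseline = ($Baseline -contains $d['ImageLoaded'])
        }
    }
} catch {
    # Thrown when the Sysmon log is absent or no matching events exist in the window.
    Write-Warning "Sysmon driver-load events unavailable: $($_.Exception.Message)"
}

# 2) System log Event ID 7045 ("A service was installed in the system"). Its ServiceType
#    field reads "kernel mode driver" or "file system driver" for driver registrations,
#    so it identifies new driver installs on hosts without Sysmon.
$svc = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 7045
    StartTime = $Since
} -ErrorAction SilentlyContinue
foreach ($e in $svc) {
    $d = Get-EventDataMap $e
    if ($d['ServiceType'] -notmatch 'driver') { continue }
    $Findings += [pscustomobject]@{
        Time       = $e.TimeCreated
        Source     = 'System/7045'
        Image      = $d['ImagePath']
        Signed     = $null                 # 7045 carries no signature information
        Signature  = $d['ServiceName']     # service name stands in for the signer column
        InBaseline = ($Baseline -contains $d['ImagePath'])
    }
}

# Report only deviations from the baseline, newest first.
$Findings |
    Where-Object { -not $_.InBaseline } |
    Sort-Object Time -Descending |
    Format-Table Time, Source, Image, Signed, Signature -AutoSize
```

Run it as an administrator, e.g. `.\Find-UnbaselinedDrivers.ps1 -Hours 72`. Two caveats when comparing against a baseline: 7045 records the registered `ImagePath`, which may appear as `\SystemRoot\System32\drivers\name.sys` or `system32\DRIVERS\name.sys` rather than a full `C:\` path, so normalize paths before a strict comparison; and a baseline keyed on path alone does not distinguish the patched driver from the vulnerable one, so pair this check with the file version or hash of the updated Safetica driver once the vendor patch is deployed.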

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability represents a significant risk to endpoint security due to the kernel-level access involved. IT administrators should expedite the deployment of vendor-supplied updates to mitigate the risk of local privilege escalation.