Monday, January 13, 2025
HomeCyber Security NewsTrellix DLP Vulnerability Allows Attackers To Delete Unprivileged Files

Trellix DLP Vulnerability Allows Attackers To Delete Unprivileged Files

Published on

A privilege escalation vulnerability has been identified in the Trellix Windows DLP endpoint for Windows, which may be exploited to delete any file/folder for which the user does not have authorization.

Trellix DLP Endpoint protects against all potential leak channels, including portable storage devices, the cloud, email, instant messaging, web, printing, clipboard, screen capture, file-sharing applications, and more.

This ‘medium’ severity vulnerability is tracked as CVE-20234814 with a CVSS base score of 7.1. Trellix, a cybersecurity firm, recently addressed the issue of privilege escalation.

Impacted Version

Data Loss Prevention (DLP) for Windows 11.10.100.17

Fix Released

To Determine Whether the Product is Vulnerable

For Endpoint Security on Windows:

Use the following instructions for endpoint or client-based products:

  • Right-click the tray shield icon on the Windows taskbar.
  • Select Endpoint Security.
  • In the console, select Action Menu.
  • In the Action Menu, select About. The product version displays.

For endpoint products and ENS on other platforms:

  • Right-click the tray shield icon on the Windows taskbar.
  • Select Open Console.
  • In the console, select Action Menu.
  • In the Action Menu, select Product Details. The product version displays.

Hence, it is recommended to download the applicable product update/hotfix file. 

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...