N/A

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe (Local Security Authority Subsystem Service). The fekern.sys is a driver file associated with the HX Agent (used in all existing HX Agent versions). The vulnerable driver installed in a product or a system running a fully functional HX Agent is, itself, not exploitable as the product’s tamper protection restricts the ability to communicate with the driver to only the Agent’s processes.

N/A

输入验证不恰当

Trellix Endpoint Security HX 安全漏洞

Trellix Endpoint Security HX是美国Trellix公司的一款端点检测和响应软件。 Trellix Endpoint Security HX存在安全漏洞，该漏洞源于fekern.sys驱动文件存在漏洞，可能导致权限提升。

N/A

N/A