Synopsis:
DLL Hijacking in Privilege Management for Windows (PMfW) Installer
Impacted Product:
Privilege Management for Windows (PMfW)
Summary:
A medium-severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that allowed an attacker to hijack a DLL in the PMfW installer. The Privilege Management for Windows installer loads several DLLs during installation. In some instances, DLLs were loaded from user-controlled locations which could enable code injection.
Mitigation:
The search order of DLLs in the Privilege Management for Windows installer was changed to ensure only DLLs from trusted locations are loaded. This change was implemented in PMfW version 21.3. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.
Product | Version |
---|---|
Privilege Management for Windows (PMfW) | Prior to 23.1 |
Product | Version |
---|---|
Privilege Management for Windows (PMfW) | 23.1 and above |
BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.