Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows that allowed potential attackers to escalate privileges and execute code with SYSTEM privileges.
The privilege escalation security flaw tracked as CVE-2019-8461 makes it possible for attackers to run malicious payloads using system-level privileges as well as evade anti-malware detection by bypassing application whitelisting, a technique commonly used to prevent the execution of either unknown or potentially malicious apps, Bleeping Computer reported.
Advanced Privileged Access Management solutions can help safeguard an organisation’s IT environment by protecting and securing backend resources which are accessed by administrators, whose credentials can be used to escalate privileges.
Of course, patching this vulnerability is key to mitigating the problem. In addition, by using Privileged Session Management (PSM) to strategically limit command or application execution to only those necessary for given tasks, or more tactically to block critical commands and channels on the fly, organisations can minimise the risk of attackers gaining access.
Long term, you can combine your PSM with Privileged Account Analytics, which detects anomalies in privileged users’ behaviour. This not only provides a baseline for what constitutes ‘normal’ activity, but also allows for visibility and action against unexpected deviations from the baseline.