Executive Summary
During a routine security review of Netwrix Auditor, a vulnerability was identified that may allow an authenticated, authorized attacker to affect the availability of Netwrix Auditor.
Netwrix is unaware of any evidence of active exploitation of this vulnerability.
Vulnerability
Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
---|---|---|---|---|---|
NULL Pointer Dereference | Netwrix Auditor | <= 10.7.13794 | 5.9 | 4.8 / 4.4 | Netwrix Auditor does not gracefully handle null pointers during RPC calls. This may allow an authenticated, authorized attacker to cause the Netwrix Auditor Core Service to crash, affecting the availability of Netwrix Auditor. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgements about urgency and priority; customers should use the information below in making those decisions.
Title | Publicly known? | Exploit available? | Actively exploited? |
---|---|---|---|
NULL Pointer Dereference | No | No | No |
Solution
All Netwrix Auditor customers are advised to update Netwrix Auditor to version 10.7.13797 or later as soon as possible.
Instructions for the Netwrix Auditor upgrade process can be found in this help center article.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for all listed vulnerabilities as indicated in the table below.
Title | Version |
---|---|
NULL Pointer Dereference | 10.7.13797 |
FAQ
How do I determine my current version of Netwrix Auditor?
The version can be found in the General tab in Netwrix Auditor and in Windows “Add/Remove Programs”.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
Revision | Date | Description |
---|---|---|
1 | 2025-02-06T16:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.