ADV-2025-003 - Exposure of Sensitive Information to an Unauthorized Actor in Netwrix Privilege Secure

Executive Summary

During a routine security review of Netwrix Privilege Secure, a vulnerability was identified which may expose the password of ephemeral accounts created by Netwrix Privilege Secure on systems running Microsoft Windows (“managed resource”) where an attacker has the privileges to monitor processes.

Netwrix is unaware of any evidence of active exploitation of this vulnerability.

Updates

2025-02-13T16:00:00Z
Netwrix Privilege Secure version 4.2.1626 has been released to replace the release which was rescinded. Customers are advised to update to this version to remediate this issue.

2025-02-11T21:30:00Z
Netwrix Privilege Secure version 4.2.162, which remediated the vulnerability described in this advisory, has been rescinded due to an unrelated defect discovered subsequent to its release. Netwrix will provide an update when a replacement release is available.

Vulnerability

| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
| --- | --- | --- | --- | --- | --- |
| Exposure of Sensitive Information to an Unauthorized Actor | Netwrix Privilege Secure | <= 4.2.1616 | 4.9 | 5.7 / 5.0 | When creating ephemeral accounts on a managed resource Netwrix Privilege Secure specifies the account password as a plaintext argument to the relevant utility. The execution of the utility, and its command line arguments, including the password, are visible to any user authorized to monitor processes on the managed resource. This may allow an attacker to gain unauthorized access to the managed resource via the ephemeral account. |
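
Process-creation logs that record command lines can retain such a password after the process has exited. The following added example (not Netwrix code) scans constructed process-creation records for an account-creation command that carries a literal password and redacts it in the finding. The advisory does not name the utility, so the net.exe form `net user <name> <password> /add`, the host names and the account names are assumptions.

```python
import re

# Assumption: the advisory does not name the utility. The documented net.exe
# form "net user <name> <password> /add" stands in for it here.
NET_USER_ADD = re.compile(r'''
    \bnet1?(?:\.exe)?"?\s+user\s+
    (?P<account>"[^"]+"|\S+)\s+
    (?P<password>"[^"]*"|\S+)
    (?=.*\s/add\b)
''', re.IGNORECASE | re.VERBOSE)

def inline_password(command_line):
    """Return (account, (start, end) of the password) or None."""
    m = NET_USER_ADD.search(command_line)
    if not m:
        return None
    pw = m.group("password")
    # "*" makes net.exe prompt for the password; a leading "/" is a switch.
    if pw == "*" or pw.startswith("/"):
        return None
    return m.group("account").strip('"'), m.span("password")

def scan(events):
    """Flag process-creation records that carry a literal password."""
    findings = []
    for ev in events:
        hit = inline_password(ev["command_line"])
        if hit:
            account, (start, end) = hit
            cl = ev["command_line"]
            # Never copy the secret into the finding; keep the rest for triage.
            findings.append({"host": ev["host"], "account": account,
                             "redacted": cl[:start] + "<REDACTED>" + cl[end:]})
    return findings

# Constructed records shaped like process-creation events with command lines.
SAMPLE_EVENTS = [
    {"host": "WIN-APP01", "command_line":
        r'"C:\Windows\System32\net.exe" user nps_jit_01 Constructed-Pw-123! /add'},
    {"host": "WIN-APP01", "command_line": "net user nps_jit_02 * /add"},
    {"host": "WIN-DB02", "command_line": "net user nps_jit_03 /add"},
    {"host": "WIN-DB02", "command_line":
        'net1 user "jit admin" "Constructed Pw 456" /add'},
    {"host": "WIN-DB02", "command_line": "tasklist /v"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Any account flagged this way should have its password treated as disclosed to everyone who can read those logs.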

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgements about urgency and priority; customers should use the information below in making those decisions.

| Title | Publicly known? | Exploit available? | Actively exploited? |
| --- | --- | --- | --- |
| Exposure of Sensitive Information to an Unauthorized Actor | No | No | No |

Solution

All Netwrix Privilege Secure customers are advised to update Netwrix Privilege Secure to version 4.2.1623 or later as soon as possible.

Instructions for the Netwrix Privilege Secure upgrade process can be found in this help center article.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for all listed vulnerabilities as indicated in the table below.

| Title | Version |
| --- | --- |
| Exposure of Sensitive Information to an Unauthorized Actor | 4.2.1626 |

FAQ

  1. How do I determine the current version of Netwrix Privilege Secure?

    The version can be found at the bottom of every Netwrix Privilege Secure page.

  2. Are there additional steps I should take after applying the patch?

    Netwrix Privilege Secure utilizes the WinRM protocol to connect to managed resources running Microsoft Windows. Netwrix advises customers to secure the WinRM protocol by requiring WinRM to use the HTTPS protocol. Instructions for configuring secure WinRM (HTTPS) for Netwrix Privilege Secure can be found in this help center article.

Please contact the Netwrix technical support team should you need assistance.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

| Revision | Date | Description |
| --- | --- | --- |
| 3 | 2025-02-13T16:00:00Z | Update with replacement patch release |
| 2 | 2025-02-11T21:30:00Z | Update regarding patch retraction |
| 1 | 2025-02-06T16:00:00Z | First published |

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.