Elevated Privilege Issue with FlexNet Publisher Licensing Service on Windows

Elevated Privilege Issue with FlexNet Publisher Licensing Service on Windows

Summary

A local privilege escalation issue could give passage for exploit on Windows, has been reported on an optional service of FlexNet Publisher (FNP), usually used with trusted storage. If you do not depend on FlexNet Licensing Service, there is no impact to you and no further action on your part.

Please see the Symptoms section for more details.

Symptoms

FlexNet Licensing Service on Windows works with an elevated privilege. The elevated privilege allows reading some information required to protect our customers against license misuse and to protect their Intellectual Property. It is possible to use the elevated privilege of FlexNet Publisher with attack vector for exploit on Windows.

A local authenticated user is required in the attack vector and there is no "remote" (aka network vector) vector on this vulnerability. Through standard security measures, as applied in any local environment, the risk of this vulnerability being exploited is considered low.

Originally, the vulnerability and its report utilized a vector that had been mitigated through a change in the Microsoft Windows 10 operating systems, however, we received further updates from the reporter in January 2021 to indicate the existence of more vectors and thus exposing the vulnerability.

Resolution

There is no resolution for this issue at this time. 

We acknowledge receiving this vulnerability report and we’re working on it with highest priority. If you do not depend on FlexNet Licensing Service on Windows, there is no further action on your part. If you do, we’re working on a resolution with top priority to give you an update as soon as a mitigation is available. In the meantime, we ask customers and end customers to apply sufficient security measures to protect their applications. 

Additional Information

No additional information at this time.

Related Documents

None at this time. 

Labels (2)
Was this article helpful? Yes No
No ratings
Comments

Any news on this topic ?

Is it planned to release patches for previous FNP versions once resolution will be identified ?

Thank you for your feedback

@PierreMarqt , this topic is still under engineering assessment at this point in time. We will have further updates in the coming weeks.

Version history
Revision #:
4 of 4
Last update:
‎Mar 01, 2021 11:46 AM
Updated by:
 
Contributors