Elevated Privilege Issue with FlexNet Publisher Licensing Service on Windows
A local privilege escalation issue could give passage for exploit on Windows, has been reported on an optional service of FlexNet Publisher (FNP), usually used with trusted storage. If you do not depend on FlexNet Licensing Service, there is no impact to you and no further action on your part.
Please see the Symptoms section for more details.
FlexNet Licensing Service on Windows works with an elevated privilege. The elevated privilege allows reading some information required to protect our customers against license misuse and to protect their Intellectual Property. It is possible to use the elevated privilege of FlexNet Publisher with attack vector for exploit on Windows.
A local authenticated user is required in the attack vector and there is no "remote" (aka network vector) vector on this vulnerability. Through standard security measures, as applied in any local environment, the risk of this vulnerability being exploited is considered low.
Originally, the vulnerability and its report utilized a vector that had been mitigated through a change in the Microsoft Windows 10 operating systems, however, we received further updates from the reporter in January 2021 to indicate the existence of more vectors and thus exposing the vulnerability.
There is no resolution for this issue at this time.
We acknowledge receiving this vulnerability report and we’re working on it with highest priority. If you do not depend on FlexNet Licensing Service on Windows, there is no further action on your part. If you do, we’re working on a resolution with top priority to give you an update as soon as a mitigation is available. In the meantime, we ask customers and end customers to apply sufficient security measures to protect their applications.
No additional information at this time.
None at this time.