[Resolved] Escalation of Privilege in SecureAge Security Suite
A privilege escalation vulnerability has been identified and resolved. Users on affected versions should update immediately.
Vulnerability Overview
A privilege escalation vulnerability was identified in SecureAge Security Suite for Windows. A locally logged-in user could exploit this flaw to create, modify, or delete files in privileged system locations — actins that should only be available to administrators. This vulnerability has been fully resolved in the versions listed below.
Technical details
The vulnerability stems from how SecureAge Security Suite handles symbolic links during normal operation. A local attacker could create specific symbolic links n the system. When the SecureAge software ran, it would follow those links and perform file operations in privileged Windows path locations . This could allow an unprivileged user to plant, alter, or remove files they would not ordinarily have access to.
Affected & Fixed Versions
Product
Vulnerable Version
Fixed Version
Status
SecureAge Security Suite
7.0.37 and earlier
7.0.38
✓Resolved
SecureAge Security Suite
7.1.10 and earlier
7.1.11
✓Resolved
SecureAge Security Suite
8.0.17 and earlier
8.0.18
✓Resolved
SecureAge Security Suite
8.1.17 and earlier
8.1.18
✓Resolved
Recommended Action
Update to the fixed version or any later release immediately. No workaround is available—patching is the only resolution. If you are unsure which version you are running, open SecureAge Security Suite and check Help>About. Contact our support team if you need assistance with the update process.
Acknowledgement
SecureAge thanks GovTech Cyber Security Group (CSG) and CSA Cyber Security Engineering Centre (CSEC) for responsibly disclosing this issue through coordinated vulnerability disclosure.
Discover how to keep your data protected at all times. Download our brochure to see how SecureData delivers always-on encryption, simplifies compliance, and enable secure collaboration across your organisation.
