A serious local privilege escalation flaw has been found in the IDrive Cloud Backup Client for Windows. Successful exploitation lets an authenticated attacker run malicious code in the highly privileged NT AUTHORITY\SYSTEM context. At the time of the disclosure, the vendor was still working on an official patch for this security hole.
Until IDrive releases the official fix, security teams will have to use manual workarounds to protect their business endpoints. The flaw is especially dangerous in shared computing environments and in active attack chains where a threat actor has already gained an initial, low-privileged foothold and is looking to elevate their permissions to move laterally across the network. Security teams should pay special attention to any suspicious child processes created by the main service executable.
System administrators should always check official release channels and install software updates as soon as they are available.












