Endpoint Client
Monthly
Local privilege/availability abuse in Safetica Endpoint Client (x64) versions 10.5.75.0 and 11.11.4.0 lets an unprivileged user send crafted IOCTLs to the bundled kernel driver ProcessMonitorDriver.sys to terminate protected system processes, including the DLP agent's own self-protection components. This effectively allows a low-privileged local user to disable endpoint security enforcement. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; CERT/CC (VU#818729) coordinated the disclosure.
Local privilege/availability abuse in Safetica Endpoint Client (x64) versions 10.5.75.0 and 11.11.4.0 lets an unprivileged user send crafted IOCTLs to the bundled kernel driver ProcessMonitorDriver.sys to terminate protected system processes, including the DLP agent's own self-protection components. This effectively allows a low-privileged local user to disable endpoint security enforcement. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; CERT/CC (VU#818729) coordinated the disclosure.