Privilege Elevation Service, Auditing and Monitoring Service
Centrify Infrastructure Services
Updated November 6, 2019
Updated versions are now available on the Centrify Download Center under the name Centrify Infrastructure Services 19.6 for 64-bit Windows (Nov. 2019 Component Update).
Security Vulnerability: It has been brought to our attention that in certain situations the Centrify Agent for Windows, part of Centrify Privilege Elevation Service, can allow an attacker to perform remote code execution. The Centrify Engineering team has confirmed this vulnerability and discovered that this also applies to Audit Manager, Audit Analyzer and Access Manager; specifically Windows component of Centrify Authentication and Privileged Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11) and 3.6.0 (19.6). This is related to the .NET framework vulnerability detailed in CVE-2012-0161 and CVE-2019-18631.
Note: This does not impact the Centrify Client for Windows downloaded from the Privileged Access Service tenants. The products mentioned above are all downloaded from the Centrify Download Center.
Solution: Updated 19.6 versions with the fix are available on the Centrify Download Center. Customers will be required to upgrade to these new versions to fully resolve the issue.