WithSecure Elements Vulnerable to Local Privilege Escalation 

More information

A vulnerability in the WithSecure Windows endpoint product allows an attacker to abuse the service to create an arbitrary file on the system. An attacker can leverage this vulnerability to perform local privilege escalation.

Note: To exploit this vulnerability, an attacker must already have administrator privileges, or must convince or trick a user with administrative privileges into performing an action.

This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.


WithSecure would like to thank the following people for bringing this issue to our attention:

Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of the Trend Micro Zero Day Initiative (ZDI) team


  • Fixed
  • Risk level: Medium
  • Action required: FIX. No user action is required. The required fix has been published through the automatic update channel with USS-Win32/2024-04-29_01.
  • Affected products: All WithSecure Endpoint Protection products for Windows

    • WithSecure Client Security 15 onwards
    • WithSecure Server Security 15 onwards
    • WithSecure Email and Server Security 15
    • WithSecure Elements Endpoint Protection 17 onwards
  • Platforms: All supported platforms for the affected products
  • Date issued: 2024-05-22