.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
High
Resolved LPE vulnerability in Sophos Intercept X for Windows (CVE-2024-8885)
CVE(S)
CVE-2024-8885
PRODUCT(S)
Sophos Endpoint
Updated
2024 Oct 2
Article Version
1
First Published
2024 Oct 2
Publication ID
sophos-sa-20241002-cde-lpe
Workaround
No
Overview
Sophos has fixed a local privilege escalation vulnerability, allowing arbitrary file writing, in the Device Encryption component of Sophos Intercept X for Windows.
There is no action required for customers using the default updating policy, as updates for Recommended packages are installed automatically by default.
Customers using Fixed Term Support (FTS) or Long Term Support (LTS) packages are required to upgrade to receive this fix. See below for details.
Sophos would like to thank Sina Kheirkhah (@SinSinology) of watchTowr (https://watchtowr.com) for responsibly disclosing the issue to Sophos.
Applies to the following Sophos product(s) and version(s)
Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older
Remediation
- Ensure you are running a supported version
- Fix included in Device Encryption 2024.2.1.6 on September 19, 2024:
- Sophos Intercept X for Windows FTS 2024.2.3.9.2 and newer
- Sophos Intercept X for Windows LTS 2024.1.0.45 and newer
- Users of older versions of Sophos Intercept X are required to upgrade to receive the latest protections, and this fix
Related information
- https://www.cve.org/CVERecord?id=CVE-2024-8885
- https://support.sophos.com/support/s/article/KBA-000002911?language=en_US
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.