Palo Alto Networks GlobalProtect App Privilege Escalation Vulnerability

A vulnerability in the GlobalProtect app for Windows allows a locally authenticated non-administrative user to escalate privileges to NT AUTHORITY\SYSTEM. This issue arises from a reliance on untrusted input for security decisions. GlobalProtect apps on macOS, Linux, iOS, Android, Chrome OS, and the UWP version are not affected.

Impact

Exploitation of this vulnerability allows local Windows users to gain elevated privileges, potentially leading to unauthorized access or control over system resources and functions.

Remediation

Users can upgrade to GlobalProtect App versions 6.3.3 or later, 6.2.6 or later, or for version 6.1, upgrade to 6.2.6 or later or 6.3.3 or later. After upgrading, it's necessary to update a specific registry key to ensure the vulnerability is fully addressed. This registry change can be applied using endpoint mobile device management tools. For new installations, the GlobalProtect app can be deployed with a pre-deployment key that automatically adds the required registry value.