Tanium Endpoint Configuration Toolset Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in Tanium's Endpoint Configuration Toolset Solution, specifically in the Patch Endpoint Tools. This vulnerability affects several versions prior to specific update releases and could allow an attacker with access to a Windows system running the Tanium Client to escalate privileges by writing to a file in a user-controlled location.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation on the affected system.

Remediation

Users can upgrade to Tanium Endpoint Configuration Toolset Solution versions 1.40.54, 1.47.22, or 1.51.11, depending on their current release. Tanium on-prem customers should deploy the updated version using Change Management in Endpoint Configuration. Tanium Cloud customers should also use Change Management in Endpoint Configuration to deploy the updated version.