CrowdStrike Falcon Sensor for Windows Race Condition Vulnerability Allowing Arbitrary File Deletion
Vulnerability
A race condition vulnerability has been identified in the CrowdStrike Falcon Sensor for Windows, versions 7.28 and earlier. This vulnerability could allow an attacker, who already has the ability to execute code on a host, to delete arbitrary files. Exploitation of this vulnerability could lead to stability or functionality issues with the Falcon sensor or other software on the system, including the operating system. The vulnerability was discovered through CrowdStrike's HackerOne bug bounty program and has been responsibly disclosed.
Impact
Exploitation of this vulnerability could allow for the deletion of arbitrary files, potentially causing stability or functionality issues with the CrowdStrike Falcon Windows sensor or other software on the system, including the operating system.
Remediation
CrowdStrike has released patches for this vulnerability in Falcon Sensor for Windows versions 7.28.20008 and later, 7.27.19909, 7.26.19813, 7.25.19707, and 7.24.19608. For hosts running Windows 7/2008 R2, a hotfix is available in version 7.16.18637.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.