DriveLock Buffer Overread Vulnerability Leading to Blue Screen of Death
Vulnerability
A buffer overread vulnerability has been identified in the DriveLock Agent for Windows, specifically in versions 24.1 prior to 24.1.6, 24.2 prior to 24.2.7, and 25.1 prior to 25.1.5. This vulnerability allows unprivileged users to cause a Blue Screen of Death (BSOD) on affected Windows computers. The issue arises from the DriveLock Driver's failure to properly validate wide strings in certain IOCTL requests. By sending a non-terminated string, a local, non-privileged user can trigger a buffer overread, which occasionally leads to a system crash, causing a denial-of-service condition on the affected endpoint.
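The missing validation described above, as an added user-mode C example (not DriveLock's driver code): the scan for the terminator is bounded by the byte length supplied with the request, and a buffer with no terminator inside that length is rejected. The function name `bounded_wide_len`, the constructed sample buffers and the choice to reject odd byte lengths are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs (UTF-16 code units), not captured from any product. */
static const uint16_t SAMPLE_OK[]      = { 'C', ':', '\\', 'a', 0 };
static const uint16_t SAMPLE_NO_TERM[] = { 'A', 'A', 'A', 'A' };
static const uint16_t SAMPLE_EARLY[]   = { 'a', 0, 'b', 'c' };

/* Hypothetical helper: length in characters of the wide string held in an
 * untrusted buffer of in_len bytes, or -1 if no terminator lies inside it.
 * The scan is bounded by in_len, so it never reads past the caller's data,
 * unlike wcslen(), which keeps reading until it happens to find a zero. */
long bounded_wide_len(const void *in_buf, size_t in_len)
{
    const unsigned char *p = in_buf;
    size_t max_chars, i;

    if (in_buf == NULL || in_len < sizeof(uint16_t))
        return -1;                      /* nothing that could hold a terminator */
    if (in_len % sizeof(uint16_t) != 0)
        return -1;                      /* not a whole number of code units */

    max_chars = in_len / sizeof(uint16_t);
    for (i = 0; i < max_chars; i++) {
        uint16_t ch;
        memcpy(&ch, p + i * sizeof ch, sizeof ch);  /* no alignment assumption */
        if (ch == 0)
            return (long)i;             /* terminator found inside the buffer */
    }
    return -1;                          /* unterminated: reject the request */
}

int main(void)
{
    printf("terminated:   %ld\n", bounded_wide_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("unterminated: %ld\n", bounded_wide_len(SAMPLE_NO_TERM, sizeof SAMPLE_NO_TERM));
    printf("early NUL:    %ld\n", bounded_wide_len(SAMPLE_EARLY, sizeof SAMPLE_EARLY));
    printf("odd length:   %ld\n", bounded_wide_len(SAMPLE_OK, sizeof SAMPLE_OK - 1));
    return 0;
}
```

A request handler would fail the request when the helper returns -1 and otherwise use only the returned number of characters.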
Impact
Exploitation of this vulnerability causes a system crash, leading to a Blue Screen of Death (BSOD) on the affected Windows endpoint, which is a denial-of-service condition.
Remediation
Users are advised to update to DriveLock versions 25.1.5, 24.2.7, or 24.1.6. For optimal security and support, upgrading directly to version 25.1 Patch 3 (25.1.5) is recommended.
