Netskope Client Endpoint DLP Module Windows Out-of-Bounds Read Vulnerability Leading to Denial-of-Service
Vulnerability
A vulnerability exists in the Endpoint Data Loss Prevention (DLP) Module of the Netskope Client for Windows. This vulnerability allows an unprivileged user to exploit an out-of-bounds read in a driver, potentially causing a Blue Screen of Death (BSOD). The Endpoint DLP module must be enabled in the client configuration for the vulnerability to be exploited. This issue affects all Netskope Client versions prior to R136.1.
Impact
Exploitation of this vulnerability can cause a Blue Screen of Death (BSOD), leading to a denial-of-service condition on the local machine.
Remediation
Netskope has released a security patch for this vulnerability. Users can update to version R136.1 or later. For those on earlier versions, the patch has been backported to R129.1.8 and above, R132.0.23 and above, and R135.1.0 and above. Instructions for downloading the updated client are available on the Netskope Support portal.
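The fixed-version list above can be applied to a client inventory with a check like the following. This is an added example, not Netskope's code: the host names and the `(name, version, dlp_enabled)` row format are constructed, and it assumes each backport covers only its own major release line (for example, an R133 build is not covered by the R132.0.23 fix).

```python
import re

# First patched build in each backport branch, keyed by major release
# number, as listed in the advisory. R136.1 is the mainline fix.
BACKPORT_FIXES = {129: (129, 1, 8), 132: (132, 0, 23), 135: (135, 1, 0)}
MAINLINE_FIX = (136, 1)

def parse_version(text):
    """Turn 'R132.0.23' or '132.0.23' into a tuple of ints."""
    m = re.fullmatch(r"[Rr]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def _pad(v, n=3):
    # Treat 'R136.1' as 136.1.0 so short and long forms compare equally.
    return tuple(v) + (0,) * (n - len(v))

def is_patched(version):
    v = _pad(parse_version(version))
    if v >= _pad(MAINLINE_FIX):
        return True
    fix = BACKPORT_FIXES.get(v[0])
    # Assumption: a backport only covers builds on its own major line.
    return fix is not None and v >= fix

def triage(hosts):
    """hosts: iterable of (name, version, dlp_enabled) -> {name: status}."""
    result = {}
    for name, version, dlp_enabled in hosts:
        if is_patched(version):
            result[name] = "patched"
        elif dlp_enabled:
            # Per the advisory, the driver bug is reachable only with DLP on.
            result[name] = "vulnerable, Endpoint DLP enabled"
        else:
            result[name] = "unpatched, Endpoint DLP disabled"
    return result

# Constructed inventory rows, not real hosts.
SAMPLE = [("ws-01", "R136.1", True), ("ws-02", "R132.0.22", True),
          ("ws-03", "R135.1.0", True), ("ws-04", "R133.2.0", False)]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unpatched with Endpoint DLP disabled still need the update, since enabling the module later would expose them.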
