Critical Privilege Escalation Vulnerability Patched in M-Files Installer

CVECVE-2023-0213
CVSScvssV3_1: 8.8
SourceCVE-2023-0213

M-Files Installer, a tool used to install the M-Files document management system, was found to have a privilege escalation vulnerability that could allow attackers to gain elevated SYSTEM privileges on affected systems.

The vulnerability, tracked as CVE-2023-0213 with a CVSS score of 8.8, exists due to improper validation of DLL files during the installation process. By placing a malicious DLL in the same folder as a legitimate system DLL, an attacker could trick the installer into hijacking the system DLL and instead loading the attacker’s file. This technique, known as DLL hijacking, could then be used to execute arbitrary code with full administrator privileges on the machine.

Many applications rely on DLL files to function properly. By abusing this trust between applications and DLLs, an attacker could gain complete control of an affected system. This level of access would allow installation of malware, theft of sensitive information, or disruption of the entire computer.

M-Files has released updated versions 22.6 of their Installer that properly validate DLL signatures to prevent this attack method. All users are highly recommended to update their installation to the latest version as soon as possible to remove this critical vulnerability. Additionally, exercising caution when opening unknown files or attachments can help prevent initial exploitation. Keeping applications up to date is one of the best ways to protect against these types of privilege escalation attacks.

References