ASA-2019-00582 – Palo Alto Networks GlobalProtect Agent: Local Privilege Escalation vulnerability

A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows auto-update feature that can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.

ASA-2019-00545 – BlueStacks: Arbitrary File Read with System admin privilege

BlueStacks employs Android running in a virtual machine (VM) to enable Android apps to run on Windows or MacOS. Bug is in a local arbitrary file read through a system service call. The impacted method runs with System admin privilege and if given the file name as parameter returns you the content of file. A malicious app using the affected method can then read the content of any system file which it is not authorized to read.

ASA-2019-00390 – curl: Windows OpenSSL engine code injection

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL.

ASA-2019-00380 – London Trust Media Private Internet Access: DLL injection vulnerability during the update process

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Desktop client is vulnerable to a DLL injection vulnerability during the update process. The updater loads several DLLs from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as an administrator.