Thursday, December 5, 2019

Update Autodesk Desktop App to avoid being exposed to hackers

If you do have Autodesk Desktop App installed you should update it now if you have 7.0.16.29 and earlier installed.

CVE-2019-7365, was discovered in the Autodesk desktop application. The desktop app -- AdAppMgrSvc.exe -- is related to Autodesk software from 2017 to the present day and runs with NT AUTHORITY\SYSTEM. A missing DLL call made by an accompanying library also permitted the loading of arbitrary DLLs. In addition, there is no digital certificate validation, and so unsigned DLLs can be executed.

"After an attacker gains access to a computer, he might have limited privileges which can limit access to certain files and data," the researchers say. "The service provides him with the ability to operate as NT AUTHORITY\SYSTEM which is the most powerful user in Windows, so he can access almost every file and process which belongs to the user on the computer."

Autodesk said, "Autodesk released a patch for CVE-2019-7365 on 27 November for Autodesk Desktop Application (ADA) users. We highly recommend that customers apply the latest update for ADA by clicking the update button on the application. A security advisory with more information is available on the Autodesk Trust Centre."

Thanks to R.K. McSwain for this Blog post.

No comments:

Post a Comment