
Unquoted Service Path Vulnerability

The HitmanPro alert service does not have quotes in the registry. I am aware of the hotfix, but that has always been suggested with a grain of salt, since it is not fully supported. I am also aware we can disable tamper protection to make the change and re-enable it. The problem there is that we are in a very high-security environment with 10,000+ machines. The time it would take for that change to percolate through the environment is too long to have tamper protection disabled. So, like many others, we are waiting on a fully supported and vetted update to the software.

I'd like to specifically call out https://community.sophos.com/intercept-x-endpoint/f/discussions/126818/unquoted-path-vulnerability---please-fix-asap, where it was said we could expect the fix in version 3.8.2. Looking at https://docs.sophos.com/releasenotes/index.html?productGroupID=esg&productID=sesc_interceptx&versionID=allVersions, 3.8.2 was released in July 2021 but rolled back to 3.8.1 due to some issue (which speaks to our concerns about the hotfix). I see this month (November 2021) that there is now a 3.8.3. Looking through the release notes, I do not see any mention of adding quotes to the service path. I would like to know if/when we can expect to have this patched.

I have seen a few threads where support reps suggest the vulnerability is unlikely to be exploited. Please appreciate that this is not the view shared by everyone, particularly organizations that use Tenable/Nessus vulnerability scans, which rate this as "high" severity. CVSS scores this between 6.7 and 7.8 out of 10.


Hello ,

I checked my own work machine just now, which is already on HitmanPro 3.8.3 (Sophos staff get new versions before customers for testing), and can confirm that when going to services.msc -> HitmanPro alert service, it shows up as:

    "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service

which confirms that the original issue is addressed. You are correct about the release notes not reflecting it - I contacted our documentation team to look into that.

Hope that helps! Please let me know if you have any further questions!

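A programmatic version of the check the reply above did by hand in services.msc, added here as an example (not Sophos code): it classifies service ImagePath registry values as quoted or unquoted-with-spaces, the condition Nessus flags, and produces the remediated quoted form. The sample ImagePath values are constructed for illustration and are not read from a real machine.

```python
import re

# Constructed sample HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath values.
# The first is the quoted form the reply reports for HitmanPro.Alert 3.8.3; the
# second is the unquoted form the original post complains about.
SAMPLE_IMAGE_PATHS = {
    "hmpalertsvc_3.8.3": r'"C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service',
    "hmpalertsvc_old": r'C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe /service',
    "svchost": r'C:\Windows\system32\svchost.exe -k netsvcs',
    "lsass": r'%SystemRoot%\system32\lsass.exe',
}

# Executable = text up to a ".exe" that is followed by whitespace or end of string.
_EXE_RE = re.compile(r'^(?P<exe>.+?\.exe)(?P<args>\s.*)?$', re.IGNORECASE)


def split_image_path(image_path):
    """Return (quoted, exe, args) for a service ImagePath value."""
    value = image_path.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in ImagePath: %r" % image_path)
        return True, value[1:end], value[end + 1:].strip()
    m = _EXE_RE.match(value)
    if not m:
        raise ValueError("no .exe found in ImagePath: %r" % image_path)
    return False, m.group("exe"), (m.group("args") or "").strip()


def is_unquoted_with_spaces(image_path):
    """True when the path is unquoted and contains a space (what scanners flag).
    Environment variables such as %SystemRoot% are not expanded here."""
    quoted, exe, _ = split_image_path(image_path)
    return (not quoted) and (" " in exe)


def quote_image_path(image_path):
    """Remediated value: executable wrapped in double quotes, arguments preserved."""
    _, exe, args = split_image_path(image_path)
    return '"%s"' % exe + (" " + args if args else "")


def audit(image_paths):
    """Map service name -> True if its ImagePath needs quoting."""
    return {name: is_unquoted_with_spaces(p) for name, p in image_paths.items()}


if __name__ == "__main__":
    for name, flagged in audit(SAMPLE_IMAGE_PATHS).items():
        print("%-20s %s" % (name, "UNQUOTED PATH WITH SPACES" if flagged else "ok"))
```

On a real host the values would be read from the Services registry key (or `Get-CimInstance Win32_Service`) instead of the constructed dictionary.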