Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
A set of Windows client security patches for multiple SafeGuard products has been released to address a number of security issues. It is highly recommended to apply the patch to all affected SafeGuard Enterprise, SafeGuard Easy and SafeGuard LAN Crypt Windows clients.
Applies to the following Sophos products and versions
Kyriakos Economou from Nettitude has disclosed a number of security issues within SafeGuard Enterprise to Sophos following our Responsible Disclosure Policy. Sophos is not aware of any attacks leveraging those vulnerabilities or exploits for them being available.
The vulnerabilities are present within all configurations of SafeGuard Enterprise (SGN), SafeGuard Easy (SGE) and SafeGuard LAN Crypt (SGLC) clients running on Windows. Exploitation of those vulnerabilities requires running malicious code on the target machine and can result in privilege escalation. This vulnerability is not remotely exploitable (i.e. over the network).
The CVE numbers reserved for these issues are: CVE-2018-6857, CVE-2018-6855, CVE-2018-6852, CVE-2018-6851, CVE-2018-6856, CVE-2018-6853, CVE-2018-6854. Please note that these issues are in RESERVED state until publication by the researcher. Patches for all currently supported product versions as well as selected product versions already out of support/maintenance can be found below. Sophos recommend to always keep your products up-to-date and use currently supported versions. However, we are exceptionally providing patches for select versions that are not supported anymore, in case some customers cannot move immediately to a supported version. Please see the Retirement calendar for SafeGuard Products for details on older versions.
Please refer to the following KBAs for instructions on how to download and install the patch for the desired product:
Note: A patch for SafeGuard Enterprise Client for Windows 5.60.3 VS-NfD is provided separately, please contact Sophos Support for information on how to receive and install this patch.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.