netOctopus Agent nantsys.sys MSR Write Local Privilege Escalation
High Nessus Plugin ID 29928
SynopsisThe remote Windows host contains a driver that is affected by a local privilege escalation vulnerability.
DescriptionnetOctopus Agent, an asset management agent, is installed on the remote host.
The installed version of netOctopus Agent includes a driver, named 'nantsys.sys', that exposes a device interface writable by all local users, allowing them to read and write arbitrary CPU Model Specific Registers (MSRs). A local user could leverage this issue to execute arbitrary code in kernel mode.
SolutionRemove the affected driver using the vendor-supplied script referenced in the advisory above.