HitmanPro.Alert Multiple Vulnerabilities
Two vulnerabilities have been disclosed in the Sophos HitmanPro.Alert anti-exploit tool. An attacker could exploit these vulnerabilities to gain access to kernel memory locations or execute arbitrary code.
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Two vulnerabilities have been disclosed in the Sophos HitmanPro.Alert anti-exploit tool. An attacker could exploit these vulnerabilities to gain access to kernel memory locations or execute arbitrary code.
Threat details
Both vulnerabilities are a result of errors in the input/output control (IOCTL) message handling function.
For further information:
Remediation steps
| Type | Step |
|---|---|
|
Sophos addressed these vulnerabilities in all versions of HitmanPro.Alert after 3.7.6. User and administrators are encouraged to update their vulnerable systems immediately. |
CVE Vulnerabilities
Last edited: 11 January 2022 4:01 pm