Researchers have identified a vulnerability in CrowdStrike’s Falcon cloud-based endpoint protection system

The bug affects at least two versions of the Falcon agent, versions 6.31.14505.0 and 6.42.15610

The sensor can be configured with a uninstall protection

Exploiting this vulnerability allows an attacker with administrative privileges

Researchers at modzero, a Swiss research and services group, discovered the vulnerability and notified CrowdStrike in June.

CrowdStrike asked the researchers to report it through the company’s HackerOne bug bounty program

The researchers initially tested one specific version of Falcon, but  later in the process were able to get access to a newer version.

CrowdStrike said in an email statement that the issue is with the Microsoft MSI implementation.

CrowdStrike runs an open and transparent bug bounty program with partners such as HackerOne.

FOR LATEST NEWS AND UPDATES RELATED TO CYBER SECURITY SWIPE UP NOW