WIN-911 Software has been made aware of two potential vulnerabilities affecting all versions of WIN-911 Standard, Interactive, and Advanced. Successful exploitation of these potential vulnerabilities could lead to local privilege escalation. An attacker cannot use these vulnerabilities to gain access to your system, as they require local access to exploit.

A. Affected Products

All versions of WIN-911 Standard, Interactive, and Advanced prior to 4.21.5.

B. Vulnerability Details

The vulnerabilities were disclosed in a Talos report which resulted in the creation of two CVEs.

Talos Report: TALOS-2020-1150

CVE: CVE-2020-13539 and CVE-2020-13540

By default, WIN-911 V4.20.13 is installed in the “C:\Program Files (x86)\WIN-911 Software” directory and grants the “Everyone” group “Full” privilege over certain files in that directory which are executed with SYSTEM authority. This allows users in the Everyone group to read, write, or modify arbitrary files in the install directory, resulting in privilege escalation in certain configurations.

CVE-2020-13539 - Privilege escalation via “WIN-911 Mobile Runtime” service

The WIN-911 Mobile Runtime service allows any user on the system to replace a binary located under Program Files, as seen below, and thereby execute code with the privileges of the WIN-911 service user:

c:\program files (x86)\win-911 software\win-911 enterprise\mobile\WIN911.Notifier.Mobile.Runtime.exe 
                                                                                                 NT AUTHORITY\Authenticated Users:(ID)(special access:)

CVE-2020-13540 - Privilege escalation via “WIN-911 Account Change Utility”

The WIN-911 Account Change Utility is a program used to change the WIN-911 service user under which all of the associated Windows services run. Because this operation requires high-level privileges, only an administrative-level user can successfully reconfigure the services. However, the executable that performs the operation can easily be replaced by any user in the “Everyone” group because of the weak permissions applied to the application, as seen below, leading to privilege escalation when the application is used.

c:\Program Files (x86)\WIN-911 Software\ACU\WIN-911 Account Change Utility.exe 
                                         NT AUTHORITY\Authenticated Users:(ID)F
                                         NT AUTHORITY\SYSTEM:(ID)F

C. Resolution

WIN-911 Software strongly recommends updating to the latest version of WIN-911, 4.21.5, which removes the Everyone group from all the files the installer places on disk and further restricts many others. The installation will upgrade existing deployments of WIN-911 automatically. If you are not able to upgrade WIN-911, you can manually remove the Everyone group from the WIN-911 Enterprise directory tree.
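The weak ACLs shown in section B, and the manual remediation of removing the Everyone group from the directory tree, can be audited and applied with a script like the following. This is an added example, not WIN-911 Software's own tooling; it assumes the default install path named in this advisory and treats Authenticated Users and BUILTIN\Users as broad principals alongside Everyone, since the listings above show Authenticated Users holding full control.

```powershell
# Added example (not WIN-911 Software's tooling): report Allow ACEs that give broad
# principals write-capable rights under the WIN-911 install tree; -Fix removes them.
# Run from an elevated session. Assumption: the advisory's default install path.
param(
    [string]$Root = 'C:\Program Files (x86)\WIN-911 Software',
    [switch]$Fix
)

$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')

# Each of these rights lets a low-privileged user replace or tamper with a file that a
# service later executes as SYSTEM or as the WIN-911 service user. Write, Modify and
# FullControl are composites of these bits, so testing the bits catches them too.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = $R::WriteData -bor $R::AppendData -bor $R::WriteAttributes -bor
             $R::WriteExtendedAttributes -bor $R::Delete -bor
             $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor $R::TakeOwnership

function Test-WeakAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    return ($Ace.AccessControlType -eq 'Allow') -and
           ($BroadPrincipals -contains $Ace.IdentityReference.Value) -and
           (([int]$Ace.FileSystemRights -band [int]$WriteMask) -ne 0)
}

@(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue) |
ForEach-Object {
    $path = $_.FullName
    $acl  = Get-Acl -LiteralPath $path
    $weak = @($acl.Access | Where-Object { Test-WeakAce $_ })
    if ($weak.Count -eq 0) { return }
    foreach ($ace in $weak) {
        $tag = if ($ace.IsInherited) { ' (inherited)' } else { '' }
        "WEAK  $path  $($ace.IdentityReference): $($ace.FileSystemRights)$tag"
    }
    if (-not $Fix) { return }
    # Inherited ACEs cannot be removed in place: break inheritance while copying the
    # inherited ACEs as explicit ones, then strip the weak explicit ACEs.
    if ($weak | Where-Object IsInherited) {
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $path -AclObject $acl
        $acl = Get-Acl -LiteralPath $path
    }
    foreach ($ace in @($acl.Access | Where-Object { Test-WeakAce $_ })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    Set-Acl -LiteralPath $path -AclObject $acl
    "FIXED $path"
}
```

Without -Fix the script only reports; review that output before applying, because the account the WIN-911 services run under must keep whatever access it legitimately needs.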

WIN-911 4.21.5 Download

Technical Support

To create a support case, you will need either your Maintenance Support number or your CD Tracking number. You can create a Case online or contact the product support line: (512)326-1011.