Secure Access 13.07

Important: Secure Access 13.07 Server and Windows Client Security Update

Issues common to the server and Windows client
Both the server and the Windows client contain vulnerabilities that could allow attackers with access to the desktop to elevate their level of privilege on the operating system.

Issues specific to the server
If an attacker has administrative access to the Secure Access Management interface, they could force another administrator to take an action during a subsequent session.

The highest severity rating of these vulnerabilities is 8.4, High.

In accordance with our disclosure policy, descriptions of vulnerabilities will not be released for at least 90 days to allow customers reasonable time to patch their systems.

For v13.x customers: The attacks can be mitigated by installing the update and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned for previous version of Secure Access. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers update their Secure Access servers and Windows clients to 13.07 as soon as possible.

For more information, contact securityresponse@absolute.com or nm-support@absolute.com