VU#330121: IDrive for Windows ... Note

VU#330121: IDrive for Windows contains local privilege escalation vulnerability

The IDrive Cloud Backup Client for Windows versions 7.0.0.63 and earlier has a critical security flaw. This vulnerability allows for privilege escalation, granting unauthorized users SYSTEM-level access. The IDrive client, used for cloud backups, runs with elevated privileges on Windows systems. A flaw exists in how the client service, id_service.exe, handles specific configuration files. Standard users can modify these files due to weak permission configurations. An attacker can inject malicious code by overwriting these configuration files. When id_service.exe reads the modified files, the attacker's code executes with SYSTEM permissions. This could lead to complete control over the compromised machine. IDrive is developing a patch to address this vulnerability and users should update once it's available. In the interim, users should implement security measures to mitigate the risk. The vulnerability was discovered and reported by Matthew Owens and FRSecure.