Headline
CVE-2022-3859
An uncontrolled search path vulnerability exists in Trellix Agent (TA) for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL there.
On December 12th, 2022 at 9:30 AM UTC the URL used to access cloud services, such as ePO-SaaS, EDR, and Skyhigh branded products, will change to https://auth.ui.trellix.com.
- Before December 12, 2022, make sure that you have at least one administrator account exempt from IDP so you can continue to have access to the console until you can update your IDP configuration.
- After 9:30 AM UTC on December 12, 2022, SAML or SSO users will need to update their IDP configuration to restore access.
See KB96089 for details and to determine if additional changes are needed.