A vulnerability in the Data Loss Prevention (DLP) for Windows agent has been discovered and resolved.
Affected software
The vulnerability CVE-2023-0400 affects the following versions of Data Loss Prevention for Windows:
- Data Loss Prevention for Windows 11.9.0 and 11.9.100
Remediated/updated versions
The vulnerability is remediated in this version of the Data Loss Prevention Endpoint for Windows software:
- DLP Endpoint for Windows
- DLP 11.9.x - Update to 11.10.0 (or later)
Impact
CVE-2023-0400 (CVSS: 5.5/5.0; Severity: Medium)
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.
This issue only affects versions 11.9.x. Previous 11.x versions aren't vulnerable. To exploit this vulnerability, the user must have the ability to map a network drive to their local machine.
They also need permission to either access data already on the mapped drive or copy data to the mapped drive.
Recommendation
Verify that you have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base article SB10394 -
Security Bulletin - Data Loss Prevention for Windows update fixes one vulnerability (CVE-2023-0400).