We recently released SandBlast Agent E81.30, which introduces stability and quality improvements.
A complete list of improvements can be found in the release's Secure Knowledge article, sk160812.
SandBlast Agent Software Release Policy
The security landscape is evolving and changing rapidly with more and more sophisticated cyber-attacks launched on a daily basis.
To meet these challenges we need to be agile with the introduction of new security engines and functionalities to SandBlast Agent.
SandBlast Agent monthly releases enable us to introduce new features and improve the solution's quality and stability.
We understand that it may be challenging for our customers to deploy a new software release every month. For this reason, we came up with a new software release policy which will enable agile and rapid releases of new functionalities while maintaining high quality and stable releases.
SandBlast Agent monthly software release policy:
Latest Releases – Monthly releases which focus on new functionalities and maintenance fixes:
- These releases are targeted for customers who wish to deploy the new features and/or maintenance fixes.
- The latest releases have passed all Check Point quality assurance and are of General Availability quality for all customers.
Recommended Releases – Quarterly releases focused mainly on stability and maintenance fixes:
- These releases are targeted for customers who wish to deploy Check Point’s recommended version.
- Each one is a cumulative release of the previous “Latest Releases”, with no new content introduced in this version.
- General Availability quality for all customers.
E81.30 is our new recommended release candidate. As a quality release, it includes only quality fixes with no new functionality.
We are monitoring the installation of each quality release. Once we get to high deployment numbers with no significant quality issues, we announce this release as the new recommended version.
Fixed Vulnerability in Initial Client (CVE-2019-8461)
SandBlast Agent Initial Client for Windows before version E81.30 is potentially vulnerable to privilege escalation on a clean image without Endpoint Client installed.
An attacker can leverage this to achieve local privilege escalation (LPE) using a specially crafted DLL placed in any PATH location that the user can write to.
Prior to E81.30, SandBlast Agent Initial Client for Windows tries to load a DLL from any PATH location on a clean image (i.e. one without any prior Endpoint Client installed). This allows an attacker who has already compromised the machine to plant a malicious DLL there and use it for local escalation of privilege.
Installations of a version earlier than E81.30 are probably not vulnerable:
- For an existing install base that already has any security blade installed – Not relevant, as at this point the machine is no longer vulnerable.
- When deploying a full client and not an initial client – Not relevant as the full client is not vulnerable.
- When deploying an initial client that then pulls down the relevant blades as part of the IT deployment process before distributing machines to the employees – Not relevant as by the time the machine is handed out to the employee, it already has the blades deployed and therefore, not vulnerable.
When starting with E81.30, this is not relevant as the version is not vulnerable.
The only relevant cases are:
- You are distributing the SandBlast Agent client with the initial client to machines with no previous SandBlast Agent installed. In this case, please move this process to the E81.30 initial client.
- You have an existing install base of machines with initial client (prior to E81.30) and with no security blade deployed to them (quite uncommon). In this case, either deploy the security blades or update the initial client to E81.30.
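The issue depends on a PATH directory that a standard user can write to, so the exposure of a given image can be checked by auditing the ACLs of the machine PATH entries. The script below is an added example, not Check Point code: it lists every machine PATH directory where a principal outside a trusted set may create files. The trusted set (SYSTEM, Administrators, TrustedInstaller) and the limitation to allow ACEs on the machine-wide PATH are assumptions of this example.

```powershell
# Added example, not Check Point code. Run from an elevated PowerShell session.
# Principals treated as trusted (an assumption of this example):
# SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
# Access bits that allow creating a file in a directory:
# FILE_ADD_FILE (0x2), GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000).
$createMask  = 0x2 -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]
$ntType      = [System.Security.Principal.NTAccount]

# Machine-wide PATH entries, expanded and de-duplicated.
$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Where-Object { $_ } |
    Select-Object -Unique

$findings = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist is worth reviewing as well.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = 'directory does not exist' }
        continue
    }
    $acl = Get-Acl -LiteralPath $dir
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }            # deny ACEs are not modelled
        if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }   # applies to children only
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $createMask) -eq 0) { continue }
        # Show a readable account name; fall back to the raw SID if it cannot be resolved.
        $name = try { $rule.IdentityReference.Translate($ntType).Value } catch { $rule.IdentityReference.Value }
        [pscustomobject]@{ Directory = $dir; Principal = $name; Rights = $rule.FileSystemRights }
    }
}
$findings | Sort-Object Directory, Principal | Format-Table -AutoSize -Wrap
```

An empty result means no machine PATH directory grants file-creation rights outside the trusted set; any row returned identifies a directory whose ACL should be tightened or which should be removed from PATH.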