TrueCrypt Local Privilege Escalation Vulnerability (CVE-2015-7358)

TrueCrypt Local Privilege Escalation Vulnerability (CVE-2015-7358)
TrueCrypt Local Privilege Escalation Vulnerability (CVE-2015-7358)

Release date:
Updated on:

Affected Systems:

TrueCrypt <= 7.1a
VeraCrypt 1.14

Description:

CVE (CAN) ID: CVE-2015-7358

TrueCrypt is a free open-source encryption software.

A security vulnerability exists in Driver Installation in TrueCrypt in Windows. After successful exploitation, local users with limited permissions can escalate their system permissions. Attackers exploit this vulnerability through drive letter processing.

<* Source: James Forshaw

Link: http://www.openwall.com/lists/oss-security/2015/09/24/3
*>

Suggestion:

Vendor patch:

TrueCrypt
---------
Currently, developers have not provided patches or upgrade programs. We recommend that you use VeraCrypt (Open Source program based on TrueCrypt) to obtain the latest version from the address below and fix the vulnerability in the latest version:

Https://veracrypt.codeplex.com/wikipage? Title = Release % 20 Notes

VeraCrypt
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://veracrypt.codeplex.com/wikipage? Title = Release % 20 Notes

This article permanently updates the link address: