A critical security vulnerability, identified as CVE-2023-27470, has been exposed in N-Able’s Take Control Agent, posing a high-severity risk to Windows systems. This vulnerability, with a CVSS score of 8.8, stems from a Time-of-Check to Time-of-Use (TOCTOU) race condition.
It allows local unprivileged attackers to potentially gain SYSTEM-level privileges and delete arbitrary files on affected Windows systems.
Furthermore, the vulnerability impacts versions 184.108.40.2061 and earlier of the Take Control Agent but has been addressed with the release of version 7.0.43 on March 15, 2023. Mandiant was responsible for disclosing this flaw on February 27, 2023, prompting a swift response from N-Able.
Additionally, the TOCTOU race condition is a type of software flaw where a program checks a resource’s state, but that state changes before it’s actually used, potentially leading to unauthorized access or unintended actions.
At the same time, Mandiant’s analysis reveals that this vulnerability could enable an attacker to manipulate the deletion of files, effectively tricking the system into deleting files as NT AUTHORITY\SYSTEM.
Furthermore, this flaw could be weaponized to achieve elevated code execution by exploiting a race condition attack targeting the Windows installer’s rollback functionality.
Finally, this vulnerability is considered a serious threat, emphasizing the importance of promptly updating affected systems to the patched version (7.0.43) to mitigate the risk of privilege escalation and data loss.