Alexander Katziv

**Name of the Vulnerable Software and Affected Versions** Netskope NSClient versions 100 and prior **Description** A security issue was discovered in the NSClient product where a malicious non-admin user can disable the Netskope client using a specially-crafted package. The root cause is a user control code that does not validate user permissions before execution when called by a Windows ServiceController, allowing it to terminate the NSClient service. **Recommendations** For versions 100 and prior, update to a version later than 100 to resolve the issue. As a temporary workaround, consider restricting access to the user control code to prevent unauthorized execution until a patch is available.