Richard Young

**Name of the Vulnerable Software and Affected Versions** APC UPS Daemon versions through 3.14.14 **Description** The default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges. This is possible by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup, due to "RW NT AUTHORITYAuthenticated Users" permissions for %SYSTEMDRIVE%apcupsdbinapcupsd.exe. **Recommendations** For APC UPS Daemon versions through 3.14.14, consider restricting write access to the %SYSTEMDRIVE%apcupsdbinapcupsd.exe file to prevent replacement with a malicious executable. As a temporary workaround, monitor the integrity of the apcupsd.exe file to detect any unauthorized changes.