PT-2022-25980 · Check Point · Zonealarm Extreme Security

Filip Dragović · Published 2022-09-27 · Updated 2022-09-30 · CVE-2022-41604

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Check Point ZoneAlarm Extreme Security versions prior to 15.8.211.19229

Description: The issue allows local users to escalate privileges due to weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory and a self-protection driver bypass. This bypass enables the creation of a junction directory, which can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.

Recommendations: For versions prior to 15.8.211.19229, update to version 15.8.211.19229 or later to resolve the issue. As a temporary workaround, consider restricting access to the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory to minimize the risk of exploitation.
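
To see whether the workaround is needed on a host, the following read-only audit lists write-capable ACEs on the Updates directory and flags reparse points in it. It is an added example, not code from Check Point or from this advisory; the function name and the choice of SYSTEM, Administrators and TrustedInstaller as the expected writers are assumptions.

```powershell
# Added example: audit only, changes nothing. Path is the directory named in the advisory.
$target = Join-Path $env:ProgramData 'CheckPoint\ZoneAlarm\Data\Updates'

# Rights that let a principal plant, replace or re-permission content,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$named -bor 0x40000000 -bor 0x10000000

# Assumption: only these well-known SIDs should hold write access here.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-WeakAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this directory itself.
        if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolved account: keep as shown
        }
        if ($trusted -notcontains $sid) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $target)) { Write-Output "Not present: $target"; return }
$dirs = @(Get-Item -LiteralPath $target -Force) +
        @(Get-ChildItem -LiteralPath $target -Force -Directory)
foreach ($d in $dirs) {
    # A junction inside this tree is the redirection primitive the advisory describes.
    if ($d.Attributes.HasFlag([System.IO.FileAttributes]::ReparsePoint)) {
        Write-Warning "Reparse point (junction or symlink): $($d.FullName)"
    }
    Get-WeakAce -Path $d.FullName
}
```

Any row returned for a non-administrative principal such as Users or Authenticated Users, or any reparse-point warning, marks a host that should be updated to 15.8.211.19229 or later first.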

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2022-41604

Affected Products

Zonealarm Extreme Security