CVE-2020-12612

Name of the Vulnerable Software and Affected Versions BeyondTrust Privilege Management for Windows versions through 5.6

Description An issue was discovered in BeyondTrust Privilege Management for Windows. When specifying a program to elevate, it typically uses the %ProgramFiles(x86)% environment variable, which points to the Program Files (x86) folder. However, on 32-bit machines, this environment variable does not exist. As a result, a standard user can create a user-level environment variable and repoint it to any folder they have full control of. By creating a specific folder structure, a rule can be made to match, allowing arbitrary code to run elevated.

Recommendations For versions through 5.6, consider disabling the elevation of programs that use the %ProgramFiles(x86)% environment variable until a patch is available. Restrict access to the Program Files (x86) folder to minimize the risk of exploitation. Avoid using user-level environment variables to repoint the %ProgramFiles(x86)% variable in the affected policy.