PT-2024-14502 · Unknown · Wsftprm.Sys+1

Alex Oudenaarden +2 · Published 2024-01-08 · Updated 2026-02-22 · CVE-2023-52271

CVSS v3.1: 6.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Topaz Antifraud versions prior to 2.0.0.0

Description: The wsftprm.sys kernel driver in Topaz Antifraud allows attackers with limited privileges to terminate any Protected Process Light process through the use of an IOCTL. This allows for the potential silencing of security products like Antivirus and Endpoint Detection and Response (EDR) systems. The issue was observed as early as September 2024 and remains a concern in 2026. Attackers can leverage this by sending a malicious IOCTL to the driver, which invokes the ZwTerminateProcess function at the kernel level, effectively removing the security software.

Recommendations: Versions prior to 2.0.0.0 should be updated.

Exploit

Fix

Related Identifiers

CVE-2023-52271

Affected Products

Topaz Antifraud
Wsftprm.Sys