Sophos Intercept X for Windows: CVE-2024-8885: Resolved LPE vulnerability in Sophos Intercept X for Windows
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | 2024-10-02 | 2025-03-26 | 2025-05-13 |
Description
Sophos has fixed a local privilege escalation vulnerability, allowing arbitrary file writing, in the Device Encryption component of Sophos Intercept X for Windows. There is no action required for customers using the default updating policy, as updates for Recommended packages are installed automatically by default. Customers using Fixed Term Support (FTS) or Long Term Support (LTS) packages are required to upgrade to receive this fix. See below for details. Sophos would like to thank Sina Kheirkhah (@SinSinology) of watchTowr (https://watchtowr.com) for responsibly disclosing the issue to Sophos.
Solution
sophos-sophos-intercept-x-for-windows-upgrade-latest
