PSIRT Advisories

FortiEDR CollectorWindows - protection bypass by killing the process with special tools

Summary

An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.

Affected Products

FortiEDR CollectorWindows version 5.1.0
FortiEDR CollectorWindows version 5.0.0 through 5.0.3.751
FortiEDR CollectorWindows version 4.0.0  through 4.1

Solutions

Please upgrade to FortiEDR CollectorWindows version 5.0.3.912 or above
Please upgrade to FortiEDR CollectorWindows version  5.2.0.2288 or above

Acknowledgement

Fortinet is pleased to thank Tomasz Niewdana from Fortinet for reporting this vulnerability under responsible disclosure.