Fortinet Discovers F-Secure System Health Validator for NAP DLL Preloading Vulnerability
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in F-Secure's F-Secure System Health Validator for NAP.
F-Secure System Health Validator for NAP provides protection for Microsoft Network Access Protection. It helps check the system health against network based attacks.
F-Secure System Health Validator for NAP for Windows is susceptible to a DLL preloading vulnerability. The issue occurs when the application looks to load a DLL for execution and an attacker provides a malicious DLL to use instead. The application generally follows a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Users should apply the solution provided by F-Secure.
Fortinet reported the vulnerability to F-Secure on June 16, 2017.
F-Secure confirmed the vulnerability on June 29, 2017.
F-Secure patched the vulnerability on October 30, 2017.