Last revised: 10/15/2019
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows auto-update feature that can allow for modification of a GlobalProtect Agent MSI installer package on disk before installation. (Ref # GPC-8977, CVE-2019-17435)
Successful exploitation of this issue may allow a low-privileged local user to escalate their privileges to the System user.
GlobalProtect Agent 5.0.3 and earlier for Windows and GlobalProtect Agent 4.1.12 and earlier for Windows.
GlobalProtect Agent 4.1.13 and later for Windows and GlobalProtect Agent 5.0.4 and later for Windows.
Palo Alto Networks would like to thank Hanno Heinrichs of CrowdStrike Intelligence for reporting this issue.