Windows: Privilege Escalation due to improper ACLs set by QTIFW
Tenable has contacted Riseup about a security vulnerability an associated researcher found in the latest Windows release.
The issue seems to be caused by an improper ACL set by the QTIFW installer when the installation path is set outside of the default path (i.e. "Program Files (x86)"). A regular user can then overwrite the openvpn binary, which will then be executed with administrator privileges and can potentially lead to complete control of the machine.
This issue will be initially marked as confidential. Once we release a proper remediation, a security advisory will be issued in coordination with Tenable and this issue will be made public. According to Tenable's disclosure policy the limit date for a disclosure is January 16, 2022.
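
An audit for the condition described above, as an added example that is not part of the original report or the project's code: it lists allow ACEs under an install directory that give broad unprivileged groups write-type rights to the directory tree or its binaries. `$InstallDir` is a placeholder for the custom install path, and the group list and the `.exe`/`.dll` filter are assumptions of this example.

```powershell
# Added example: flag ACEs that let unprivileged groups replace binaries.
# $InstallDir is a placeholder for the non-default install path (assumption).
param(
    [Parameter(Mandatory)] [string] $InstallDir
)

# Well-known SIDs of broad, unprivileged groups (locale-independent).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow overwriting, deleting or re-permissioning a file, or
# dropping files into a directory. The two hex values are GENERIC_WRITE and
# GENERIC_ALL, which can appear unmapped in inherit-only ACEs.
$Specific = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = [int]$Specific -bor 0x40000000 -bor 0x10000000

# Check the install directory itself, every subdirectory, and every binary.
$targets = @(Get-Item -LiteralPath $InstallDir) +
           @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
             Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll' })

$findings = foreach ($item in $targets) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account could not be resolved; skip this ACE
        if ($LowPrivSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights -band $WriteMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $LowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap; exit 1 }
Write-Output "No write-capable ACEs for unprivileged groups under $InstallDir"
```

An `Inherited` value of `True` in the output means the permissive entry comes from the parent directory rather than from an ACE set on the item itself.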