PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module


Informational

Description

The Palo Alto Networks Product Security Assurance team is aware of a specifically crafted proof of concept (PoC) that reduces the effectiveness of the Cortex XDR agent Anti-Ransomware endpoint protection module. The specific technique used in the PoC does not impact behavioral threat protection, malware scanning, or other endpoint protection capabilities that detect security events and prevent attacks.

Product Status

Versions | Affected | Unaffected
Cortex XDR Agent | All agents with a content update earlier than CU-610 | All agents with CU-610 or a later content update

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this technique are expected to become publicly available.

Solution

This technique is detected by Cortex XDR agents on Windows with content update 610 and later content update versions.

Acknowledgments

Palo Alto Networks thanks Itay Migdal at SafeBreach for discovering and reporting this issue.

Timeline

Initial publication