PAN-SA-2022-0003 Informational: Cortex XDR Agent: Proof of Concept (PoC) Reduces Effectiveness of Anti-Ransomware Protection Module
Informational
Description
The Palo Alto Networks Product Security Assurance team is aware of a specifically crafted proof of concept (PoC) that reduces the effectiveness of the Cortex XDR agent Anti-Ransomware endpoint protection module. The specific technique used in the PoC does not impact behavioral threat protection, malware scanning, or other endpoint protection capabilities that detect security events and prevent attacks.
Product Status
Versions | Affected | Unaffected |
---|---|---|
Cortex XDR Agent | All agents with a content update earlier than CU-610 | All agents with CU-610 or a later content update |
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue. However, details of this technique are expected to become publicly available.
Solution
Cortex XDR agents on Windows detect this technique when running content update 610 or a later content update.
Acknowledgments
Palo Alto Networks thanks Itay Migdal at SafeBreach for discovering and reporting this issue.
Timeline
Initial publication