VULNERABILITY DIGEST FROM ACTION1

Patch Tuesday and third party updates| This Wednesday | 11 AM EDT / 5 PM CEST

REGISTER FOR THE WEBINAR
Action1 5 Blog 5 Security Advisory: ZDI-CAN-26767 – Vulnerability Patched in Action1 Agent

Security Advisory: ZDI-CAN-26767 – Vulnerability Patched in Action1 Agent

May 9, 2025

By Mike Walters

Action1 News
At Action1, securing our customers’ environments is paramount. On Monday, April 28, 2025 at 4:01 PM PDT, TrendMicro’s Zero Day Initiative (ZDI) responsibly disclosed ZDI CAN 26767, a high severity vulnerability, discovered by Xavier Danest, in our Windows agent (CVSS v3.1 score 7.8, classified as High severity) that could allow a low privileged user to locally execute code with SYSTEM privileges. There is no evidence of exploitation of this vulnerability in the wild.
________________________________________

Vulnerability Details

  • Identifier: ZDI CAN 26767
  • CVSS v3.1 Score: 7.8 (High severity)
  • Affected Versions: Action1 Agent 5.216.617.1 and earlier on Windows (macOS is not affected).
  • Attack Vector: Local (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

________________________________________

Rapid Response & Resolution

  1. Receipt of Vulnerability Details from ZDI:
    April 28, 2025 at 4:01 PM PDT
  2. Fix Development & Testing:
    Security and engineering teams triaged, developed, and tested a patch promptly.
  3. Release of Fixed Version:
    Version 5.218.620.1 was released on Wednesday, April 30, 2025 at 3:59 PM PDT—less than 48 hours after receiving the vulnerability details.
  4. Automatic Rollout:
    A phased rollout of the updated agent began deploying to all managed endpoints immediately.
    ________________________________________

Customer Guidance

  • Navigate to ‘Built-In Reports’ > ‘Patch Management’ > ‘ZDI-CAN-26767 Vulnerability Status’ to check for any agents running versions older than 5.218.620.1.
  • No action required if you are running version 5.218.620.1 or later—your agents have already been secured.
  • If you observe any endpoints still on versions prior to 5.218.620.1, this may be due to pending system reboots or other local issues. Start with rebooting endpoints. If it doesn’t solve the issue, we recommend:

1. Force uninstall the existing Action1 Agent.
2. Reinstall the latest version from our download portal.

________________________________________

Our Thanks & Commitment
We extend our sincere gratitude to TrendMicro’s ZDI team for their responsible disclosure and partnership in keeping our platform secure. This collaboration underscores our ongoing commitment to:

  • Vigilant monitoring of security reports
  • Rapid remediation of vulnerabilities
  • Transparent communication with our customers

Your trust motivates us to continually enhance the security and reliability of Action1’s endpoint management. If you have any questions or need assistance, please reach out to our support team.

If you have any questions or would like to discuss this further, feel free to reach out to me directly on LinkedIn or X (formerly Twitter). I’m here to help.

See What You Can Do with Action1

 

Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.

 

SAVE MY SPOT
spiceworks logo
getapp logo review
software advice review
trustradius
g2 review
spiceworks logo

Related Posts

WATCH DEMO