Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Trouble report
ID:TR05S10236
Added on: 2021-05-11
Last Update: 2021-05-18
Solved in version: 6.15.1 and 7.5.2
Platform: All Windows Platforms
Product: NoMachine Server
Severity: Serious
Status: Solved
Print this article

Possible local privileges escalation on Windows

---

Trouble report solved in version 6.15.1 and 7.5.2.

---

 

NoMachine server installations on Windows could be exploited for local privileges escalation by means of DLL Search Order Hijacking.

Exploitation is however only possible if the system PATH variable contains a directory that is writable by non-admin users, which should not happen in normal conditions.

Affected NoMachine packages for Windows are: the free version of NoMachine, NoMachine Enterprise Desktop and NoMachine Cloud Server, both v. 7 and 6.

SOLVED, Released in version 6.15.1 and 7.5.2