Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges

Source: Cyber Security News

Author: Guru Baran

URL: https://cybersecuritynews.com/nessus-agent-vulnerability-on-windows/

ONE SENTENCE SUMMARY:

A Windows Nessus Agent junction abuse flaw enables SYSTEM-level file deletion, escalating to code execution, patched in version 11.1.3.

MAIN POINTS:

1. Newly disclosed Nessus Agent for Windows bug enables SYSTEM-level privilege escalation.
2. Attackers can abuse NTFS junctions to redirect privileged filesystem operations.
3. Flaw permits arbitrary file deletion performed by the Nessus Agent service.
4. Controlled deletion can cascade into full arbitrary code execution as SYSTEM.
5. Exploitation requires local access to plant a malicious junction.
6. Unvalidated junction following during deletion routines causes unintended target manipulation.
7. SYSTEM context enables disabling security tools, installing rootkits, and persistent compromise.
8. Enterprises running agents on sensitive endpoints face severe downstream impact.
9. Tenable fixed the issue in Nessus Agent version 11.1.3.
10. Immediate upgrading via Tenable Downloads Portal is strongly recommended.

TAKEAWAYS:

1. Prioritize patching Nessus Agent on Windows endpoints, especially high-value or exposed systems.
2. Treat junction/symlink attacks as critical whenever privileged services touch user-influenced paths.
3. Limit local attacker opportunities by hardening endpoints and restricting write access to agent directories.
4. Validate privileged file operations against reparse points to prevent unintended redirections.
5. Maintain coordinated disclosure channels with vendors to accelerate remediation and reduce exposure.