Critical RCE Vulnerability Found in Perforce Helix Core Server by Microsoft

December 18, 2023

Microsoft has unearthed four vulnerabilities in the Perforce Helix Core Server, a source code management platform extensively utilized in the gaming, government, military, and technology industries. The flaws were found during a security analysis of the product, which is used by Microsoft's game development studios. They were responsibly reported to Perforce in late August 2023.

Despite not witnessing any exploitation attempts of these vulnerabilities in the wild, Microsoft has advised users to upgrade to version 2023.1/2513900, which was released on November 7, 2023, to reduce potential risks. The vulnerabilities mainly involve denial of service (DoS) issues, with the most severe one permitting arbitrary remote code execution as LocalSystem by unauthenticated attackers.

The most hazardous flaw, CVE-2023-45849, enables unauthenticated attackers to run code from 'LocalSystem,' a highly privileged Windows OS account designated for system functions. This account level has the ability to access local resources and system files, alter registry settings, among other functions. The vulnerability stems from the server's improper handling of the user-bgtask RPC command. In its default setup, Perforce Server allows unauthenticated attackers to remotely execute arbitrary commands, including PowerShell scripts, as LocalSystem.

By exploiting CVE-2023-45849, attackers could install backdoors, gain access to sensitive information, create or change system settings, and potentially gain full control of the system running a vulnerable version of Perforce Server. The remaining three vulnerabilities, although less severe, could enable denial of service attacks, potentially causing operational disruption that could lead to substantial financial losses in large-scale deployments.

Apart from downloading the latest version of Helix Core from the vendor's download portal, Microsoft has also suggested following certain steps and adhering to the advice given in the official security guide.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.