Mops21

Level 28
Verified
Trusted
Content Creator
Hi all

HitmanPro 3.8.18 build 312

HitmanPro build 312

Changelog

•FIXED: Security Issue.

We fixed a security issue that could lead to a privilege escalation scenario. This means when another product is using HitmanPro and starts it with higher privileges than the logged in user, some features are no longer enabled, as they could be abused to manually launch a (malicious) application with those privileges.

Download
32-bit https://dl.surfright.nl/HitmanPro.exe
64-bit https://dl.surfright.nl/HitmanPro_x64.exe




With best Regards
Mops21
 

plat1098

Level 21
Verified
What do they mean when another product that uses it?
I know. When the new build was posted over at Wilders Security, they didn't even post initially what "Security Issue" it was. I had to ask and then it was tacked into the original post like an after-thought.

So your guess is as good as anyone's, unless someone has the gumption to go back to Wilders and press for further info. No sense making hot air and noise about "transparency." No such animal in this context.
 
I know. When the new build was posted over at Wilders Security, they didn't even post initially what "Security Issue" it was. I had to ask and then it was tacked into the original post like an after-thought.

So your guess is as good as anyone's, unless someone has the gumption to go back to Wilders and press for further info. No sense making hot air and noise about "transparency." No such animal in this context.
Local privesc in security software is bad, really bad and I can't believe they would not know about a local privesc through testing production ready releases of HMP in the lab. This bug would own most users of HMP.Alert if they ran a scan with the anti-malware engine incorporated into HMP.Alert which is HMP.

Find out when this bug was introduced and how many builds had this exploit before the fix and who was targeted (because they would know if the bug was fixed and by licensing servers of those who were targeted) the picture will get clearer. Exploits like this is a perfect way to own users while claiming deniability by a company. They didn't break the security program or encryption there was a bug/exploit in the code. If it smells like crap, looks like crap, it is crap.

If this exploit was a genuine mistake by development I would think they would be more forthcoming and honest.
 

JB007

Level 21
Verified
Hi all

HitmanPro 3.8.18 build 312

HitmanPro build 312

Changelog

•FIXED: Security Issue.

We fixed a security issue that could lead to a privilege escalation scenario. This means when another product is using HitmanPro and starts it with higher privileges than the logged in user, some features are no longer enabled, as they could be abused to manually launch a (malicious) application with those privileges.

Download
32-bit https://dl.surfright.nl/HitmanPro.exe
64-bit https://dl.surfright.nl/HitmanPro_x64.exe




With best Regards
Mops21
Hello,
When I try to download the 64-bit version, the link is blocked by F-Secure SAFE , but not the 32-bit version:unsure:
Do you think it is a false positive? I have yet notified this detection to F-Secure support.
FP.PNG
 
Top