- Feb 4, 2016
- 2,520
A patch that prevented NordVPN and ProtonVPN clients from running arbitrary code with administrator privileges on Windows machines implemented insufficient controls against the vulnerability, a security researcher discovered.
Both clients use OpenVPN open-source software to set up a secure tunnel from one point to another. The service needs to run with administrator permissions, so any code it runs enjoys these privileges.
[/QUOTE]
The client versions affected by the privilege escalation bug are ProtonVPN 1.5.1 and NordVPN 6.14.28.0. NordVPN users are automatically updated to the latest release of the application, while those using PrototonVPN need to start the process manually.