Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges

A critical symlink vulnerability in Tenable’s Nessus Agent for Windows allows attackers to gain SYSTEM-level code execution. Upgrade to version 11.1.3 immediately.

What’s new: A vulnerability in Tenable’s Nessus Agent for Windows allows attackers to execute arbitrary code with SYSTEM privileges through a symlink attack. This flaw can lead to file deletion and potential complete control over affected machines.

Who’s Affected

Organizations using Nessus Agent installations on Windows systems are at risk, particularly those deploying the agent on sensitive servers and workstations.

What To Do

Upgrade to Nessus Agent version 11.1.3 immediately to mitigate the vulnerability.
Prioritize patch deployment in environments with high-value or internet-adjacent Windows systems.
Report any newly discovered vulnerabilities to Tenable for coordinated patching.

Sources

Cyber Security News

Cursor AI Code…
Microsoft Patch…
Details emerge…
Researchers…

Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges

Who’s Affected

What To Do

Sources

Related Posts:

NSAuditor AI Pro & Enterprise Edition v0.2.1 Released — Parallel Analysis Agents and Verified Findings Bring Senior-Analyst Triage to Network Security Audits

“Introducing nsauditor-ai v0.1.24: The Open-Source Tool for Enhanced MCP Server Detection and Security Audits”

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

NSAuditor AI Pro & Enterprise Edition v0.2.1 Released — Parallel Analysis Agents and Verified Findings Bring Senior-Analyst Triage to Network Security Audits