I haven’t posted this sort of advisory in a while, but given the seriousness of this I thought it might be a good idea for the word to get out a little wider.

The following showed up in my inbox this morning.

Cisco Security Agent (CSA) is a security software agent that provides threat protection for server and desktop computing systems. CSA agents can be managed by CiscoWorks VMS Management Center for Cisco Security Agents or can be standalone agents running on Cisco IP Communications application servers. Standalone agents for Cisco IP Communications application servers must be manually installed on the IP Communications application server.

A vulnerability exists in CSA agents that can allow a privilege escalation through locally executed software, providing a normal user or attacker with local system level privileges on a Windows workstation or server running managed or standalone CSA 4.5.0 or 4.5.1 agents.

Cisco Security Advisory

Consider that a malicious website or email (or any malware in general that gets onto a computer) can use this to gain Local System privileges on a system. Malware with that level of access would be nearly impossible to remove. We’re talking removing-the-Sony-rootkit difficulty levels here.

Anyone who uses the Cisco Security Agent really should read up on this and apply the patch as quickly as possible. This is not a small issue.