Epic Games Launcher: Security vulnerability allows rights to be extended
Attackers can abuse a vulnerability in the Epic Games Launcher to extend their rights. An update corrects this.
(Image: Shutterstock.com/rafapress)
Due to a security vulnerability in the Epic Games Launcher, attackers can extend their rights in the system. An update is available that users of Epic games should apply. Anyone using Epic Games games under Windows should start the Epic Games Launcher if necessary and install any updates offered by it.
The vulnerability was discovered by Trend Micro's Zero Day Initiative. The product installer of the Epic Game Launcher assigns incorrect permissions to a sensitive folder, explains the CVE entry for the vulnerability. This allows attackers with low privileges on the system to execute arbitrary code in the SYSTEM context (CVE-2024-11872, CVSS 7.8, risk"high").
Epic Games Launcher: Update available
The developers have released a new version of the affected Epic Games Launcher and fixed the vulnerability in it. Version 17.2.0 should be downloaded automatically in the background, they write in a Trello entry. The update can then be installed by clicking on "Restart and Update" in the settings menu. If the installation is not initiated manually, it should be installed automatically the next time the software is started.
Videos by heise
A pop-up may also appear after downloading the update. The update can then be applied by clicking on the "Update" button, the developers explain. Epic Games is not yet aware of any abuse of the vulnerability in the wild.
Users who use Epic Games games such as Fortnite on Windows must have the Epic Games Launcher installed. If they have not launched the game or the Epic Games Launcher for some time, they should do so now in order to download and install the security update. As the vulnerability explicitly affects the Windows version of the Epic Game Launcher, players do not need to do anything on their smartphones, for example.
(dmk)
