Files or Directories Accessible to External Parties

Summary

Rapid7 Velociraptor MSI Installer versions prior to 0.73.3 suffer from a vulnerability in which the installation directory is created with "WRITE_DACL" permission for the "BUILTIN\Users" group. This allows local non-administrator users to grant themselves Full Control permission on Velociraptor's files. By modifying these files, local users can manipulate the Velociraptor binary, potentially causing the Velociraptor service to execute arbitrary code as the "SYSTEM" user or replace the binary entirely.