Security Bulletin 19410681
Thumbnails of encrypted files may disclose partial information
Low
Security Bulletin 19410681
04/12/2019
SUMMARY
Thumbnails of encrypted files in Windows Explorer may disclose partial plaintext information: for example very low resolution versions of image files, or first page preview for Microsoft PowerPoint files.
CVSS SCORE: BASE 2.4
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
AFFECTED PRODUCTS AND VERSIONS
- ZoneCentral for Windows version prior to 6.1.2242
SOLUTIONS AND RECOMMENDATIONS
- Upgrade to ZoneCentral for Windows version 6.1.2242 and above.
- More detailed instructions are provided in the ZoneCentral fix notes and in the PRIM’X Knowledge Base
WORKAROUND
As an alternative to the recommended solution, the Windows thumbnail system can be disabled by using Windows policy « Turn off the caching of thumbnails in hidden thumbs db files ». The local existing cache should be deleted to remove remanent versions of thumbnails.
For more information, contact support[@]primx[.]eu.
Acknowledgements
OPPIDA
