Latest version: 1.8.10

ZeroTier for Windows Local Privilege Escalation

Summary: ZeroTier versions 1.8.7 and below for Windows set incorrect filesystem permissions on “C:\ProgramData\ZeroTier\One\”. The Users group had write access to the directory ZeroTier reads on startup, allowing privilege escalation via DLL hijacking. macOS, Linux, and other platforms were not affected.

Impact: Local privilege escalation to SYSTEM.

Mitigation: Upgrade Windows systems to version 1.8.8.

Acknowledgements […]

Incident Response to September 20th 2021

UPDATE: Version 1.6.6 is now released and contains an additional mitigation against this issue. We recommend upgrading.

Intro: On Sep 20th, Pulse Security published an advisory detailing conditions in which they were able to inject packets into a ZeroTier network.

Status:
• Patches were applied to address this vulnerability on June 18, 2021, and September […]
