Microsoft analysts found four vulnerabilities, including one critical, in the Perforce Helix Core Server, a widely used source code management platform. The flaws were discovered during a security review, and Microsoft responsibly reported them to Perforce in late August 2023. While there have been no observed exploitation attempts, users are advised to upgrade to version 2023.1/2513900, released on November 7, 2023, to reduce the risk.

Most of the vulnerabilities are denial of service (DoS) issues, but the most severe allows unauthenticated attackers to execute code as 'LocalSystem'. This account is highly privileged and can potentially access sensitive information and modify system settings. The remaining three vulnerabilities allow DoS attacks, which could cause operational disruption and financial losses in large-scale deployments.

To protect against these vulnerabilities, Microsoft recommends regularly updating third-party software, restricting access using a VPN or an IP allow-list, using TLS certificates with a proxy for user validation, logging all access to the Perforce Server, setting up crash alerts for IT and security teams, and using network segmentation to contain breaches. Following the official security guide is also recommended.

Fabio

Full Stack Developer
