Microsoft discovers critical RCE flaw in Perforce Helix Core Server


Four vulnerabilities have been found in the Perforce Helix Core Server, a popular source code management system used by the gaming, government, military, and technology sectors. One of the vulnerabilities is rated critical. The program is used by the company’s game development teams. Microsoft analysts found the issues during a security check, and they dutifully reported them to Perforce in late August 2023.

Upgrading to version 2023.1/2513900, which was issued on November 7, 2023, is advised for users of the software to reduce risk, even though Microsoft claims it has not seen any attempts to exploit the vulnerabilities in the wild. The four vulnerabilities that Microsoft found are mostly related to denial of service (DoS) attacks; the most serious one permits unauthorized attackers to execute arbitrary remote code as LocalSystem.

Read More…