psmounterex.sys is a kernel mode driver that enables Macrium backups to be mounted and accessed by file explorer as a 'virtual drive'.
This issue regards being able to craft input such that a non-elevated process could gain access to kernel space memory outside that used by the mounting operation. This would enable a carefully crafted non-elevated process to trigger a system crash. Theoretically this class of flaw could be used as a privilege escalation attack stepping stone by a sophisticated actor.
This issue has been fixed in :
|Macrium Reflect Home, Workstation, Server, Server Plus||v8.1.7675||9th October 2023____________________||https://updates.macrium.com/reflect/v8/v8.1.7675/details8.1.7675.htm|
|Macrium Reflect Free Edition||v8.0.7690||11th October 2023||https://updates.macrium.com/reflect/v8/v8.0.7690/details8.0.7690.htm|
|Macrium Site Manager||v8.1.7695||16th October 2023||Release Notes|
We encourage all users of Macrium Reflect or Macrium Site Manager to update at the earliest opportunity.
We thank Northwave Cybersecurity for bringing this to our attention: