Published: May 11, 2018 | Last Updated: Sep 24, 2020
The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achieve persistent control of BIOS behavior, independent of later disk changes.
Security Updates
Product |
Platform |
Fix Versions |
Fix Version Release Date |
Rpcnet.exe v857 and earlier |
Windows OS |
898 |
Feb 1, 2011 |
Rpcnetp.exe v957 and earlier |
Windows BIOS |
961 |
Jul 14, 2017 |
Mitigations
N/A
Work Arounds
N/A
Read more about NIST CVE-2009-5151
What is the Absolute Agent (formerly Absolute Computrace Agent)?
The Absolute Computrace Agent is a piece of software that is packaged with
Absolute's Persistence technology embedded in over 1 Billion devices. The
agent provides for visibility and control of the device by creating a
digital tether between the device, and the Absolute Monitoring Center.
How can I check the Absolute agent version deployed on my device?
Log into the Absolute console and go to Assets > Devices. In the report,
go to the settings area and edit columns in the report to show the Agent
column. This column will report on the version of the agent that is
deployed to devices under Absolute management.
My Absolute Agent is reporting an older version - How can I update the
Absolute Agent?
Absolute manages the agent upgrade process as part of our service. If your
device is regularly calling into the Absolute Monitoring Center then the
upgrade to our latest agent will happen automatically. If you are still
seeing an outdate agent on a device under management, contact the Absolute
support team for assistance.