We Just Fixed a Vulnerability Affecting Our Windows Client

We recently patched an issue with our CactusVPN Windows client’s installer package. To our knowledge, our users haven’t been directly affected by this vulnerability. Also, if you have the Windows client already installed, you don’t need to worry as you are not at risk.

We were able to do this thanks to Kushal Arvind Shah, a Senior Security Research Engineer at Fortinet’s FortiGuard Labs, which is a cyber threat research company that is constantly looking for vulnerabilities and threats that affect third-party software. He immediately got in touch with us once he came across this vulnerability.

The moment we found out, we quickly fixed the issue.

The Vulnerability Wasn’t in the Client Itself

Instead, there was a problem with a file in the installation package. Basically, it was a DLL hijacking vulnerability that could allow a potential attacker to load with high privileges a DLL file placed in the same folder with the Installer.

That means the code found in that corrupt DLL could have been executed at the exact same time when you ran the installer.

The emphasis is on “could have,” as it’s not guaranteed the corrupted code would have been triggered exactly every single time the installer would have been started up.

What Do You Need to Do?

If you already have the CactusVPN Windows app, you don’t need to do anything since you are not at any risk. Like we just said, this was a vulnerability that was only an issue during the installation process.

Those of you who want to install our Windows client need to make sure you only install the latest version (download it now).

And keep in mind – at the moment of the writing of this article, the latest CactusVPN Windows client version is 5.4.1.