Security Bulletin 19410681

Thumbnails of encrypted files may disclose partial information

Low

Security Bulletin 19410681
04/12/2019

SUMMARY

Thumbnails of encrypted files in Windows Explorer may disclose partial plaintext information: for example very low resolution versions of image files, or first page preview for Microsoft PowerPoint files.

CVSS SCORE: BASE 2.4

  • Attack Vector (AV): Physical (P)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)

AFFECTED PRODUCTS AND VERSIONS

  • ZoneCentral for Windows version prior to 6.1.2242

SOLUTIONS AND RECOMMENDATIONS

  • Upgrade to ZoneCentral for Windows version 6.1.2242 and above.
  • More detailed instructions are provided in the ZoneCentral fix notes and in the PRIM’X Knowledge Base

WORKAROUND

As an alternative to the recommended solution, the Windows thumbnail system can be disabled by using Windows policy « Turn off the caching of thumbnails in hidden thumbs db files ». The local existing cache should be deleted to remove remanent versions of thumbnails.

For more information, contact support[@]primx[.]eu.

Acknowledgements

OPPIDA