CVE-2025-67813
📋 TL;DR
Quest KACE Desktop Authority versions through 11.3.1 have insecure permissions on named pipes used for inter-process communication, allowing unauthorized access to sensitive data or functionality. This affects organizations using Quest KACE Desktop Authority for endpoint management.
💻 Affected Systems
- Quest KACE Desktop Authority
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could intercept or inject data into privileged processes, potentially leading to privilege escalation, data theft, or system compromise.
Likely Case
Local attackers could eavesdrop on or manipulate inter-process communications, potentially accessing sensitive configuration data or disrupting management operations.
If Mitigated
With proper network segmentation and access controls, impact is limited to authorized users within the management network.
🎯 Exploit Status
Exploitation requires local access to the system and knowledge of named pipe communication patterns.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.3.2 or later
Vendor Advisory: https://support.quest.com/kb/4381743/quest-kace-desktop-authority-insecure-named-pipe-permissions-cve-2025-67813
Restart Required: Yes
Instructions:
1. Download the latest version from Quest support portal. 2. Backup current configuration. 3. Install the update following vendor instructions. 4. Restart affected systems.
🔧 Temporary Workarounds
Restrict Named Pipe Access
windowsManually adjust named pipe permissions to restrict access to authorized users only.
Set-NamedPipeSecurity -PipeName "QuestKACE*" -AccessControl "Authenticated Users:Read"
icacls \\.\pipe\QuestKACE* /grant "Authenticated Users":(R)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Quest KACE systems from untrusted networks.
- Enforce principle of least privilege for user accounts accessing Quest KACE systems.
🔍 How to Verify
Check if Vulnerable:
Check Quest KACE Desktop Authority version in Control Panel > Programs and Features. If version is 11.3.1 or earlier, system is vulnerable.Check Version:
wmic product where "name like 'Quest KACE Desktop Authority%'" get versionVerify Fix Applied:
Verify version is 11.3.2 or later and check named pipe permissions using PowerShell: Get-NamedPipeSecurity -PipeName "QuestKACE*"📡 Detection & Monitoring
Log Indicators:
- Unusual named pipe access attempts in Windows Event Logs (Security channel)
- Failed permission checks on Quest KACE named pipes
Network Indicators:
- Unusual inter-process communication patterns between Quest KACE components
SIEM Query:
source="windows" AND event_id="4656" AND object_name="\\Device\\NamedPipe\\QuestKACE*"