In October 2020, Fortinet's FortiGuard Labs reported an arbitrary file deletion vulnerability in our product Malwarebytes Endpoint Protection. The product was mistakenly deleting good files that were symbolically linked to detections at the time of quarantine. Fortinet's risk rating for the vulnerability discovered is 2/5, which implies that it is a low-risk vulnerability.
For more details of this vulnerability, see: CVE-2020-28641
To address this vulnerability, we released an update to the Malwarebytes Endpoint Agent on December 10, 2020 containing the following four components:
- Endpoint Protection: 1.2.0.849
- Endpoint Protection Protection Update: 1.0.34371
- Protection Service Version: 4.2.3.96
- Component Package version: 1.0.1126
To stay protected, make sure your managed endpoints are updated to the latest version. For more information, see Update endpoint software in Malwarebytes Nebula.