Google’s Project Zero Discloses Logitech Vulnerability

Logitech’s Logic Called Into Question

On December 11, Google’s Project Zero disclosed a vulnerability in Logitech’s Options application. It seems that the application opened a port (10134) to simplify client-server communication.

However, this also means that authentication steps would be skipped, creating possible security risks. The researcher who discovered the vulnerability, Tavis Ormandy, suggests that an attacker could execute a keystroke injection and take control of a Windows PC running Logitech’s Options application.

Just two days after the public disclosure, Logitech released an update (version 7.00.564 for Windows, 7.00.554 for Mac). This update seems to have satisfied Ormandy’s concerns.

Companies need to sweep their network for the Logitech Options application and confirm the current version is deployed.
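One way to run that version check over a software-inventory export, shown as an added example that is not from the original article or from any vendor tool. The CSV column names, hostnames and sample rows are constructed for illustration; only the two fixed versions come from the text above.

```python
import csv
import io

# Fixed versions stated in the article, keyed by platform.
FIXED = {"windows": (7, 0, 564), "mac": (7, 0, 554)}

# Constructed sample inventory; the column names are an assumption about the export format.
SAMPLE = """\
host,os,app,version
ws-001,Windows,Logitech Options,6.94.108
ws-002,Windows,Logitech Options,7.00.564
mac-001,Mac,Logitech Options,7.00.554
mac-002,Mac,Logitech Options,7.00.552
ws-003,Windows,Logitech Options,unknown
ws-004,Windows,Other App,1.0
"""

def parse_version(text):
    """Turn '7.00.564' into (7, 0, 564); return None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit(inventory_csv):
    """Return {host: status} for every Logitech Options row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["app"].strip().lower() != "logitech options":
            continue
        fixed = FIXED.get(row["os"].strip().lower())
        version = parse_version(row["version"])
        if fixed is None or version is None:
            # Unknown platform or unparseable version: needs a manual look.
            results[row["host"]] = "review"
        elif version < fixed:
            results[row["host"]] = "vulnerable"
        else:
            results[row["host"]] = "patched"
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples rather than strings, so `7.00.564` and `7.0.564` are treated as equal and `6.94.108` sorts below `7.00.564`.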

Is there an easier way to manage?

Use Syxsense to detect and then remediate critical updates. While you could run a comprehensive scan of all devices on a network, you can also run a targeted scan for a specific piece of software. Easily see which devices are running which version of an application that might be at risk.

From there, it’s simple to set up a task that targets every device that needs the update.