CVE-2023-43896: 
Homebrew vulnerability analysis and mitigation

A buffer overflow vulnerability (CVE-2023-43896) was discovered in Macrium Reflect version 8.1.7544 and below, affecting the psmounterex.sys kernel mode driver. The vulnerability was identified in September 2023 and patched in October 2023. The driver, which enables Macrium backups to be mounted and accessed by file explorer as a 'virtual drive', contains a flaw that allows attackers to escalate privileges or execute arbitrary code (Macrium Advisory).

The vulnerability exists in the IRPMJREAD handler of the psmounterex.sys driver. The flaw allows an attacker to control the size of an allocation that is later used to read a file from disk. If the file size exceeds the allocation size, the file's contents are written beyond the boundary of the allocation, leading to kernel heap corruption. The vulnerability has been present since at least 2019. The CVSS v4.0 score is 9.3, indicating high severity with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H (Northwave Security).

The vulnerability could enable a non-elevated process to gain access to kernel space memory outside that used by the mounting operation. This could lead to system crashes and potentially be used as a stepping stone for privilege escalation attacks by sophisticated actors. The flaw could result in complete loss of system integrity (Macrium Advisory, Northwave Security).

The vulnerability has been patched in multiple versions: Macrium Reflect Home, Workstation, Server, and Server Plus v8.1.7675 (released October 9, 2023), Macrium Reflect Free Edition v8.0.7690 (released October 11, 2023), and Macrium Site Manager v8.1.7695 (released October 16, 2023). Users are encouraged to update to these versions at the earliest opportunity (Macrium Advisory).