CVE-2024-9469: 
Cortex XDR vulnerability analysis and mitigation

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This vulnerability, identified as CVE-2024-9469, was discovered by Orange Cyberdefense Switzerland's Research Team and disclosed on October 9, 2024. The vulnerability affects multiple versions of the Cortex XDR Agent, including versions 8.4, 8.3, and 7.9-CE on Windows systems (Palo Advisory).

The vulnerability has been assigned a CVSS v4.0 base score of 5.7 (MEDIUM), with the following characteristics: Local attack vector, Low attack complexity, Present attack requirements, No user interaction needed, and High availability impact. The weakness is categorized as CWE-754: Improper Check for Unusual or Exceptional Conditions (Palo Advisory, NVD).

If exploited, this vulnerability could allow malware to disable the Cortex XDR agent and subsequently perform malicious activity on the affected system. The impact primarily affects the availability of the security agent, while confidentiality and integrity remain unaffected (Palo Advisory).

The vulnerability has been fixed in Cortex XDR Agent versions 7.9.102-CE, 8.3.1, 8.4.1, and all later versions. Organizations running affected versions should upgrade to the patched versions to mitigate this vulnerability (Palo Advisory).