CVE-2023-29487 | Heimdal Thor - Threat To Process Correlation Operational Intel

Executive Risk Summary

"A potential denial of service (DoS) vulnerability was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, however Heimdal asserts this is not a valid vulnerability. The issue is related to the Threat To Process Correlation threat prevention module, which may cause a DoS via the lack of process identification in DNS logs."

Operational Audit Arsenal

Target Type Executable

Target Asset HeimdalThor.exe

Standard Path %ProgramFiles%\Heimdal\Thor

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: HeimdalThor.exe (Executable)
$Targets = 'HeimdalThor.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Unlikely

Low

Internal Work Notes

Investigate Heimdal Thor agent version and Threat To Process Correlation module configuration to determine potential impact of alleged DoS vulnerability.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93

Related Heimdal Threats

CVE-2023-29485 CVSS 9.8

Heimdal Thor - DarkLayer Guard

CVE-2023-29486 CVSS 9.8

Heimdal Thor - Next-Gen Antivirus

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.