Changes to Cytomic Encryption Behavior in Agent Version 1.25.03
Related Products
- Cytomic Encryption
Description
With the release of the Cytomic Agent v1.25.03, changes were introduced to the Cytomic Encryption behavior on Windows computers.
These changes are part of the security measures adopted to remediate a previously identified privilege escalation vulnerability. As a result, Cytomic Encryption PIN-related configuration and behavior on Windows computers are now restricted to administrator users only.
What Has Changed?
To prevent this privilege escalation vulnerability, Cytomic Encryption now limits PIN-related encryption interactions on Windows computers to users with administrator privileges.
The main changes are:
- Non-administrator users are no longer presented with PIN/password entry dialogs.
- Certain encryption windows may no longer appear when logged in as a standard (non-administrator) user.
- PIN usage is now restricted to administrator users only.
- These changes apply to new encryption configurations as well as to existing ones.
If the logged-in user has administrator privileges, the behavior remains unchanged from previous versions and there is no impact on existing configurations.
How Can You Mitigate Operational Impact?
To reduce operational impact after upgrading to the Cytomic Agent v1.25.03:
- Use TPM-based encryption without PIN whenever possible.
- For devices without TPM support, plan administrator involvement for PIN configuration and future PIN-related changes.
Solution
Future Improvements
These changes were introduced as part of security hardening measures to mitigate the previously identified privilege escalation vulnerability and ensure secure operation of Cytomic Encryption on Windows computers. The restoration of support for PIN-based authentication for non-administrative users is currently under evaluation, with the intention of reintroducing this capability provided that a secure and effective implementation mechanism is identified.