Title

Security Enhancements for Protecting Against DLL Injection (6/14/2024)

Description

We have implemented additional security enhancements for the Phish Alert Button (PAB) in Outlook (EXE versions), the Second Chance Client, and the PIQ Client to bolster protections against CVE-2024-29210.

Impact

These improvements aim to prevent DLL injections that could potentially occur under specific circumstances involving system compromise. Although the likelihood of such events is minimal and robust security practices within organizations help mitigate the risk, our commitment to adhering to security best practices necessitates fully addressing any potential vulnerabilities.

Affected Products

• Phish Alert Button (PAB) for Outlook EXE versions <1.10.14
• Second Chance Client versions <2.0.12
• PIQ Client versions <1.0.18
• ADI Sync versions <1.10.2

Remediation

KnowBe4 has released a patch that enhances protections against DLL Injection attacks. Please ensure automatic updates have updated the affected clients or manually update following the documentation in the KnowBe4 support site.