Security Vulnerabilities In OpenVPN Windows Client

Is there a plan to address the vulnerabilities discovered by Microsoft and announced at Black Hat USA 2024?

Relevant info:

I believe the Pritunl client may not be impacted by the first 3 CVEs since it doesn’t appear that openvpnserv.exe is included in the client distribution. However, the Windows TAP driver is included and used and it currently is at version 9.24.6.601(with Pritunl 1.3.3883.60 installed)

The client doesn’t utilize the OpenVPN service (openvpnserv.exe), none of these vulnerabilities impact the current client release.

The CVE-2024-1305 is specifically about the Windows TAP driver. Does Pritunl not use that?

When looking at the Pritunl virtual adapters on my system it appears to use that driver. Versions below 9.27.0 are vulnerable.

That isn’t a significant issue for the client, it will be updated in the next release.