I just found out using the OpenVAS scanner that STAS is affected by the Microsoft Windows Unquoted Path Vulnerability Windows. Uninstall registry entries and services using an unquoted path containing at least one whitespace allow a local attacker with low privileges and write permissions to place a malicious executable.
DisplayName|Name|PathName
Sophos Transparent Authentication Suite|STAS|C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe
Hopefully this is fixed soon.
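To check other services for the same finding, the script below parses rows in the DisplayName|Name|PathName layout shown above and flags any path that is unquoted and contains whitespace in its executable portion. It is an added example, not part of the original post and not Sophos or OpenVAS code; the function names are hypothetical, and every sample row other than the STAS entry is constructed.

```python
import re

# First data row is the entry from the post; the other rows are constructed for contrast.
SAMPLE = r"""DisplayName|Name|PathName
Sophos Transparent Authentication Suite|STAS|C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe
Constructed Quoted Service|QuotedSvc|"C:\Program Files\Example Vendor\svc.exe" --run
Constructed Flat Service|FlatSvc|C:\Windows\System32\flatsvc.exe -k netsvcs
Constructed Args Service|ArgsSvc|C:\Program Files\Example Vendor\agent.exe /service
"""

# Unquoted case: the executable runs up to the first ".exe" that is followed
# by whitespace or end of string; anything after it is treated as arguments.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)(.*)$", re.IGNORECASE)

def split_command(path_name):
    """Return (executable, arguments, quoted) for a service PathName."""
    p = path_name.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        if end != -1:
            return p[1:end], p[end + 1:].strip(), True
    m = EXE_RE.match(p)
    if m:
        return m.group(1), m.group(2).strip(), False
    return p, "", False

def audit(report):
    """Flag rows whose executable path is unquoted and contains a space."""
    findings = []
    rows = [line for line in report.splitlines() if line.strip()]
    for row in rows[1:]:  # skip the header row
        _display, name, path_name = row.split("|", 2)
        exe, args, quoted = split_command(path_name)
        if not quoted and " " in exe:
            # Corrected value: quote only the executable, keep the arguments.
            fixed = f'"{exe}"' + (f" {args}" if args else "")
            findings.append({"name": name, "path": path_name, "fixed": fixed})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['name']}: unquoted path with whitespace")
        print(f"  current: {f['path']}")
        print(f"  quoted:  {f['fixed']}")
```

The quoted string is the form the service's ImagePath value should hold once the vendor or an administrator corrects it.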