Private Internet Access VPN Malicious OpenSSL Engine Privilege Escalation Exploit

During startup the PIA Windows service(pia-service.exe) loads the OpenSSL library from C:\Program Files\Private Internet Access\libeay32.dll. This library attempts to load the C:\etc\ssl\openssl.cnf configuration file. By default on Windows systems, authenticated users can create directories under C:\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine library resulting in the arbitrary code execution as SYSTEM when the service starts.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Thursday, July 25, 2019 - 19:00