Security research has identified a Local Privilege Escalation (LPE) vulnerability affecting the Updater component used by:

  • winCVP - Versions 8.9.52.2 and higher on Celiveo 8 and Celiveo 365.
  • Admin Browser Agent (ABA) - Versions 1.0.26.2 and higher on Celiveo 8 and Celiveo 365.
  • Universal Print Endpoint (UPE) - Versions 1.1.9.2 and higher on Celiveo 365.


The Updater relies on third-party technology, and Celiveo is actively collaborating with the technology provider to ensure a prompt resolution at the core level.

In the meantime, Celiveo has developed an immediate mitigation that fully preserves the functionality of the affected modules. This mitigation involves removing the Updater via a PowerShell script.


Mitigation Steps [PowerShell script]:

  1. Download the UpdaterRemoval.zip PowerShell script at the bottom of this ticket.
  2. Extract the UpdaterRemoval.zip script to a folder. e.g. c:\users\%username%\desktop
  3. Right-click the Windows Start icon.
  4. Select Terminal (Admin) from the menu.
    Note: Administrator privileges are required to remove services and folders under Program Files.
  5. When prompted, click Yes to allow administrative access.
  6. At the terminal prompt, run the following command from the extracted path:
  7. .\UpdaterRemoval.ps1


Mitigation Steps [Manual]:

In case running PowerShell script is not possible.

  1. Press Windows Start icon.
  2. Type Command Prompt
  3. Right click on top of Command Prompt and select Run as Administrator.
    Note: Administrator privileges are required to remove services and folders under Program Files.
  4. When prompted, click Yes to allow administrative access.
  5. At the Command Prompt, run the following commands:
    1. sc stop "Celiveo Virtual Printer Updater Service"
    2. sc delete "Celiveo Virtual Printer Updater Service"
    3. sc stop "ABA_updater"
    4. sc delete "ABA_updater"
    5. sc stop "UPE_updater"
    6. sc delete "UPE_updater"
    7. del /s /q "C:\Celiveo Virtual Printer Updater Service.exe"
    8. del /s /q "C:\Celiveo Virtual Printer Updater Service.ini"
    9. del /s /q "C:\ABA_updater.exe"
    10. del /s /q "C:\ABA_updater.ini"
    11. del /s /q "C:\UPE_updater.exe"
    12. del /s /q "C:\UPE_updater.ini"
    13. rmdir /s /q "C:\ProgramData\Celiveo\Celiveo Virtual Printer\updates"
    14. rmdir /s /q "C:\ProgramData\Celiveo\Celiveo Browser Agent\updates"
    15. rmdir /s /q "C:\ProgramData\Celiveo\Celiveo Universal Printer Endpoint\updates"


We recommend applying this mitigation as soon as possible to eliminate the vulnerability while we work toward a permanent fix.