A vulnerability affecting all versions of Forcepoint VPN Client for Windows can be used to achieve persistence and evade detection. The application tries to run an executable from incorrect locations, which can be exploited by an attacker to run malicious files with SYSTEM permissions, the most privileged account on Windows. Forcepoint acknowledged the vulnerability and released an update for its VPN client for Windows. In an advisory yesterday, the company recommends customers to install version 6.6.1 of the product. In this context, an attacker with administrator privileges on the targeted host can place malware in one of the two locations.
Source: https://www.bleepingcomputer.com/news/security/forcepoint-fixes-privilege-escalation-bug-in-windows-vpn-client/