Experts have identified holes in many antiviruses (Kaspersky, Avira, Symantec)

Security researchers from CyberArk Labs have identified vulnerabilities in popular antivirus products. If successfully exploited, these flaws allow attackers to escalate privileges on the system. Because antivirus software runs with elevated privileges, flaws in its code can be especially dangerous.

Malware that exploits such holes can not only bypass security solutions but also firmly entrench itself in the attacked system.

According to CyberArk Labs, many popular antiviruses can be abused in attacks that rely on file manipulation techniques. Among the affected products, the researchers named antiviruses from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira and Microsoft Defender.



Fortunately, the developers have already closed these dangerous loopholes, but it is still useful to know what we were dealing with.

As explained by the experts, the main reason is the default permissions in the C:\ProgramData directory. This folder is used to store applications and any user on the system can read and write to this directory.

“It is logical that processes and services that are not tied to a particular user will use the ProgramData directory. This is why the permissions are configured so that any user can read and write to it, but there is also a gap – an attacker can remove certain files from those folders,” the experts write in the report.



Thus, an attacker can use a privileged process to delete a file and create a symbolic link to another arbitrary malicious file.
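
A defender can check which vendor folders under C:\ProgramData still carry permissive entries of the kind described above. The PowerShell below is an added example, not taken from the CyberArk report or from any vendor; the list of low-privileged SIDs and the set of rights treated as risky are assumptions, and it inspects only first-level directories.

```powershell
# Added example: list first-level folders under ProgramData whose ACL lets
# non-administrative principals create, change or delete content.
$root = $env:ProgramData

# Well-known SIDs of low-privileged principals (assumed set; language-independent).
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Rights that allow planting, replacing or removing files (assumed "risky" set),
# plus the raw GENERIC_WRITE / GENERIC_ALL bits seen on inherit-only entries.
$named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$riskyMask = ([int]$named) -bor 0x40000000 -bor 0x10000000

$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $dir = $_
        try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { return }   # ACL not readable from this account: skip the folder

        # Ask for explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
            if ((([int]$ace.FileSystemRights) -band $riskyMask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $dir.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                # A folder that is itself a junction or symlink deserves a closer look.
                IsLink    = [bool]($dir.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
            }
        }
    }

$findings | Sort-Object Path, Sid | Format-Table -AutoSize
```

Folders that belong to services running as SYSTEM and appear in this output are the ones where a privileged file operation can be redirected by an unprivileged user.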

The researchers also reported a DLL hijacking vulnerability in Trend Micro and Fortinet antivirus products. In this case, an attacker can “slip” a malicious DLL into the directory of the targeted application and have it executed with elevated privileges.

The vulnerabilities were assigned the following CVE identifiers:

  • Kaspersky – CVE-2020-25045, CVE-2020-25044, CVE-2020-25043
  • McAfee – CVE-2020-7250, CVE-2020-7310
  • Symantec – CVE-2019-19548
  • Fortinet – CVE-2020-9290
  • Check Point – CVE-2019-8452
  • Trend Micro – CVE-2019-19688, CVE-2019-19689 +3
  • Avira – CVE-2020-13903
  • Microsoft – CVE-2019-1161

 

Source: anti-malware.


