Researchers from CyberArk Labs have found serious vulnerabilities in multiple antivirus solutions. In short, they found local privilege escalation bugs in these products that exposed the machines running them to attack.
Vulnerabilities in antimalware products are particularly dangerous because these programs run with high privileges, often with administrator-level (or SYSTEM) rights. Any bug in them, and especially the privilege escalation flaws CyberArk found, can hand that elevated access to a local attacker who already has a low-privileged foothold on the machine.
In most cases, the researchers observed, the root cause was the default DACL of the C:\ProgramData directory. Unlike %LocalAppData%, which belongs to the logged-in user, ProgramData is shared by all users of the machine, and its default permissions let any user create files and subdirectories there; whoever creates an item owns it and has full control over it.
The problem arises when a file or directory that a non-privileged user created (and therefore controls) is later used by a privileged process, such as an antivirus service running as an administrator or SYSTEM: the privileged process then operates on paths the attacker controls.
That control enables symlink (and directory junction) attacks, in which the attacker redirects a path the privileged process is about to write to or delete, so that the process deletes arbitrary files or is pointed at attacker-chosen, malicious files in locations the attacker could not reach on their own.
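The following PowerShell is an added example and is not code from the CyberArk research or from this article. It shows two things a practitioner would want after reading the above: an audit that lists C:\ProgramData subdirectories that a low-privileged user owns or can write to (the precondition for the symlink attack described above; the ProgramData root itself is expected to allow users to create items, which is why the audit looks at what already exists beneath it), and one way a privileged installer or service can create its own data directory with a DACL fixed at creation time and then refuse to use it if a user got there first. The directory name ExampleProduct is a placeholder; run this in an elevated PowerShell on Windows.

```powershell
# Added example (not from CyberArk or the article). Run elevated on Windows.

# Well-known SIDs treated as "low-privileged": Users, Everyone,
# Authenticated Users, INTERACTIVE. SIDs rather than names so the check
# also works on localized Windows builds.
$LowPrivSids = 'S-1-5-32-545', 'S-1-1-0', 'S-1-5-11', 'S-1-5-4'

# Owners a privileged process may reasonably trust: Administrators, SYSTEM,
# LOCAL SERVICE, NETWORK SERVICE and per-service (S-1-5-80-*) SIDs.
$TrustedOwnerPattern = '^(S-1-5-32-544|S-1-5-18|S-1-5-19|S-1-5-20|S-1-5-80-.+)$'

# Rights that let a user plant, replace or delete content in a directory.
[int]$DangerousRights = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, Delete, DeleteSubdirectoriesAndFiles, WriteDacl, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL: Get-Acl reports these as raw numbers, not names.
$DangerousRights = $DangerousRights -bor 0x50000000

function Find-WeakProgramDataDirs {
    param([string]$Root = $env:ProgramData)
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $dir = $_
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }   # unreadable ACL: skip (a locked-down directory)
        $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
        $weakSids = @(
            $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $LowPrivSids -contains $_.IdentityReference.Value -and
                    (([int]$_.FileSystemRights) -band $DangerousRights) -ne 0
                } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
        )
        if ($weakSids.Count -gt 0 -or $ownerSid -notmatch $TrustedOwnerPattern) {
            [pscustomobject]@{
                Path       = $dir.FullName
                OwnerSid   = $ownerSid
                WritableBy = $weakSids -join ', '
                # A junction/symlink here is exactly what the attack plants.
                IsReparse  = ($dir.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0
            }
        }
    }
}

function New-PrivilegedDataDir {
    param([Parameter(Mandatory)][string]$Path)
    $sec = New-Object System.Security.AccessControl.DirectorySecurity
    # Do not inherit ProgramData's defaults (which include CREATOR OWNER: FullControl).
    $sec.SetAccessRuleProtection($true, $false)
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {            # SYSTEM, Administrators
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $sec.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', $inherit, 'None', 'Allow')))
    }
    $users = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
    $sec.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $users, 'ReadAndExecute', $inherit, 'None', 'Allow')))
    $sec.SetOwner((New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')))

    # .NET Framework overload (Windows PowerShell 5.1) that applies the DACL at
    # creation time, so there is no window with the default permissions. On
    # PowerShell 7 use [System.IO.FileSystemAclExtensions]::Create(<DirectoryInfo>, $sec).
    $dir = [System.IO.Directory]::CreateDirectory($Path, $sec)

    # CreateDirectory silently succeeds if the path already exists, so verify
    # that we got a real directory owned by Administrators and not something a
    # low-privileged user pre-created or replaced with a junction.
    $dir.Refresh()
    $ownerSid = (Get-Acl -LiteralPath $Path).GetOwner([System.Security.Principal.SecurityIdentifier]).Value
    if (($dir.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0 -or $ownerSid -ne 'S-1-5-32-544') {
        throw "Refusing to use '$Path': pre-existing, reparse point, or not owned by Administrators (owner $ownerSid)"
    }
    return $dir
}

# Usage: audit first, then create a hardened directory (placeholder name).
Find-WeakProgramDataDirs | Format-Table -AutoSize
New-PrivilegedDataDir -Path (Join-Path $env:ProgramData 'ExampleProduct')
```

A hit from the audit is not a vulnerability by itself; it only tells you that a privileged component which later trusts that directory would be exposed. The post-creation ownership and reparse-point check in the second function is the part most installers skip, and it is what turns "set a restrictive DACL" into a defence that still holds when the attacker created the directory first.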
They also found DLL hijacking flaws in some of the antivirus programs, where a privileged process loads a library from a location that a low-privileged user can write to.
Technical details about these vulnerabilities are available in the researchers' post. The affected products, with their respective CVEs, are listed below.
- Kaspersky: CVE-2020-25045, CVE-2020-25044, CVE-2020-25043
- Trend Micro: CVE-2019-19688, CVE-2019-19689 +3
- Symantec: CVE-2019-19548
- McAfee: CVE-2020-7250, CVE-2020-7310
- Checkpoint: CVE-2019-8452
- Fortinet: CVE-2020-9290
- Avira: CVE-2020-13903
- Microsoft: CVE-2019-1161
- Avast and F-Secure: CVE IDs pending (awaiting MITRE)
Patches Released
After discovering the vulnerabilities, CyberArk reached out to the respective vendors to report the matter.
CyberArk has since confirmed that all of the vendors have patched the flaws in their respective antivirus programs.
They have also shared guidance for developers on avoiding this class of bug in the future.
Let us know your thoughts in the comments.
4 comments
How about Bitdefender? Is it free from this vulnerability?
I have never had any virus problem from the time I have been on Kaspersky IS. Does that bug need a software update to receive the patch? Or do we only need a database update?
I haven’t had a virus problem or used an AV in 12 yrs – since I switched all of my machines to linux.
I have also said it's all a money game for all these security companies trying to sell the user everything but the kitchen sink. All the big names above care more about that than truly protecting the user. I truly believe the boy or girl in the dark room will outsmart any security program. Just stick with the security suite your internet carrier offers, or Windows Defender.