CyberArk Discover Numerous Vulnerabilities In Popular Antivirus Solutions


Researchers from CyberArk Labs have found serious vulnerabilities in multiple antivirus solutions. Briefly, they found privilege escalation bugs in these programs that exposed the devices to cyber threats.

Vulnerabilities in antimalware products pose a significant threat since these programs usually run with high privileges, often at the admin level. Hence, any bugs here, especially the privilege escalation bugs found by CyberArk, could give elevated access to an adversary.

Briefly, the researchers observed that in most cases, the issues existed because of the default DACLs of the C:\ProgramData directory. This directory, on Windows, is accessible by all users, unlike %LocalAppData%, which is specific to the logged-in user only.

It means any user can read/write files in ProgramData and will have full control of the data present here. Thus, any process created by a non-privileged user that a privileged user executes later will give rise to security issues.

Such exploitation could allow for symlink attacks, deleting arbitrary files and pointing to malicious files.

Also, they found a DLL hijacking flaw affecting some antivirus programs.

Technical details about these vulnerabilities are available in the researchers’ post. The following is the list of all programs that had the vulnerabilities, with the respective CVEs.
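One way to audit for the condition described above, as an added example (not code from CyberArk or any of the vendors): the PowerShell function below lists first-level directories under C:\ProgramData whose DACL grants write-type rights to broad, low-privileged groups. The function name, the set of SIDs and the selection of rights are assumptions made for this illustration.

```powershell
# Added example: audits ProgramData for directories that low-privileged users can modify.
# Get-WeakProgramDataDirectory is a hypothetical name chosen for this illustration.
function Get-WeakProgramDataDirectory {
    param([string]$Root = $env:ProgramData)

    # Well-known SIDs of broad groups that every local user normally belongs to.
    $lowPrivSids = @(
        'S-1-1-0',        # Everyone
        'S-1-5-11',       # Authenticated Users
        'S-1-5-4',        # INTERACTIVE
        'S-1-5-32-545'    # BUILTIN\Users
    )
    # Rights that let a principal plant, replace or delete content (assumed selection).
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Add GENERIC_ALL and GENERIC_WRITE, which can appear unmapped in inherit-only ACEs.
    $mask = [int]$rights -bor 0x10000000 -bor 0x40000000

    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $dir = $_
        # Junctions and symlinks are reported because the article names symlink attacks.
        $isLink = $dir.Attributes.HasFlag([System.IO.FileAttributes]::ReparsePoint)
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { return }

        # Ask for SIDs rather than names so the check works on non-English Windows.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

            [pscustomobject]@{
                Path         = $dir.FullName
                Sid          = $ace.IdentityReference.Value
                Rights       = $ace.FileSystemRights
                Inherited    = $ace.IsInherited
                InheritOnly  = $ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)
                ReparsePoint = $isLink
            }
        }
    }
}

# Rows that belong to security products are the ones to review first.
Get-WeakProgramDataDirectory | Sort-Object Path | Format-Table -AutoSize
```

Rows with `Inherited` set to true show directories that simply picked up the ProgramData default, which is the situation the researchers describe.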

  • Kaspersky: CVE-2020-25045, CVE-2020-25044, CVE-2020-25043
  • Trend Micro: CVE-2019-19688, CVE-2019-19689 +3
  • Symantec: CVE-2019-19548
  • McAfee: CVE-2020-7250, CVE-2020-7310
  • Checkpoint: CVE-2019-8452
  • Fortinet: CVE-2020-9290
  • Avira: CVE-2020-13903
  • Microsoft: CVE-2019-1161
  • Avast + F-Secure: Waiting for Mitre

Patches Released

After discovering the vulnerabilities, CyberArk reached out to the respective vendors to report the matter.

Consequently, they have confirmed that all vendors have patched the flaws in their respective antivirus programs.

Besides, they have also shared some easy solutions for all to address such bugs in the future.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]


4 thoughts on “CyberArk Discover Numerous Vulnerabilities In Popular Antivirus Solutions”

  • October 12, 2020 at 6:21 am

    How about Bitdefender? Is it free from this vulnerability?

  • October 11, 2020 at 7:53 am

    I have never had any virus problem since I have been on Kaspersky IS. Does that bug need a software update to receive the patch? Or do we only need a database update?

  • October 10, 2020 at 7:56 pm

    I haven’t had a virus problem or used an AV in 12 yrs – since I switched all of my machines to linux.

  • October 9, 2020 at 4:36 pm

    I have also said it’s all a money game to all these security companies trying to sell the user everything but the kitchen sink. All the big names above care more about that than truly protecting the user, and I truly believe the boy or girl in the dark room will outsmart any security program. Just stick with the security suite your internet carrier offers or Windows Defender.
