A security researcher has found a critical vulnerability in certain antivirus products produced by Kaspersky Lab, who has released an emergency patch. The vulnerabilities could allow a hacker to compromise your computers.
The fault was discovered by Tavis Ormandy, vulnerability researcher and Google security engineer. Ormandy posted a screenshot on Twitter of the Windows calculator running under the Kaspersky process (which means the execution of malicious code is a possibility as well).
Versions 15 and 16 correspond to the 2015 and 2016 product lines, which Ormandy says the patch works great on. It hasn’t been confirmed, however, if just Kaspersky Anti-Virus was affected, or if their Internet Security and Total Security products were affected as well.
“It’s a remote, zero interaction SYSTEM exploit, in default config. So, about as bad as it gets.” comments Ormandy. The flaw has the potential to be exploited by something as simple as receiving a data packet, seeing an image on Twitter, or visiting an attacker-created website.
On the bright side, the fix has already been sent out to customers through automatic updates. Kaspersky Lab said that the vulnerability was a stack overflow that they were able to patch within 24 hours of receiving the report.
“Kaspersky Lab has always supported the assessment of our solutions by independent researchers. Their ongoing efforts help us to make our solutions stronger, more productive and more reliable.” says a representative of Kaspersky Lab. The company already uses anti-exploitation technologies such as ASLR and DEP, but continues improving its strategies to prevent exploitation of possible bugs in its software.
It may seem odd that a product designed to protect your computer from attacks, can have vulnerabilities that allow for attacks – but it’s really not uncommon. Lately, in order to make exploitation of vulnerabilities harder, there has been push from developers to reduce the amount of privileges software applications require. Unfortunately, antivirus products require the highest possible privileges to effectively do their jobs.
Due to the fact that they need to analyze so many file and code types from so many different sources, they have a larger surface area to attack. Typically then, antivirus products contain many vulnerabilities, but with companies capable of patching them in 24 hours -like Kaspersky Lab-, you can feel a little more secure.