Kaspersky fixes bug that allowed attackers to crash its antivirus

Solarquest

Kaspersky Fixes Bugs That Allowed Attackers to Crash Its Antivirus

Russian security vendor Kaspersky Lab has recently patched four vulnerabilities in its flagship product, the Kaspersky Internet Security Suite, which allowed attackers to crash the antivirus and disclose information from the computer's memory.

The Cisco Talos team has identified these four issues (CVE-2016-4304, CVE-2016-4305, CVE-2016-4306, and CVE-2016-4307) affecting the product's KLIF, KLDISK and KL1 drivers, used to interact with underlying Windows APIs.

One bug is an information disclosure vulnerability, and the other three are DoS (Denial of Service) issues that crash the application.

DoS bugs are considered annoying at best and are low-priority security issues in most software applications, but this doesn't apply to antivirus engines (or "security systems," since nobody calls them antiviruses anymore).

"Although these vulnerabilities are not particularly severe, administrators should be aware that security systems can be used by threat actors as part of an attack, and keep such systems fully patched," the Cisco Talos team notes in their advisory.

DoS bugs can have serious consequences in AV products

An attacker who can run code on a machine with the Kaspersky antivirus installed could feed the antivirus malicious code that could crash the security product, which would allow them to run further malicious code without the antivirus blocking their actions.

The information leak bug could also be used to leak data from the memory and gain details about where certain processes are executing, data needed to plan further attacks and craft targeted exploits.

Kaspersky has addressed all issues with updates to its Internet Security Suite. Earlier this month, at the Black Hat USA 2016 security conference in Las Vegas, Kaspersky announced it was starting a bug bounty program that would reward security researchers for finding and privately disclosing security bugs in its software.

Kaspersky's decision was overshadowed by Apple's similar announcement, the Cupertino tech giant announcing a bug bounty program of its own.

Let's go and update it then...
 
