Hot Take Norton, Avira, Avast, AVG affected by a Privilege Escalation Bug


Level 26
Thread author
Honorary Member
Top Poster
Oct 2, 2011
Several popular Windows antivirus software brands under the Gen Digital umbrella were susceptible to a privilege escalation vulnerability.

The bug affected products from NortonLifelock (GenDigital), such as Norton Antivirus Windows Eraser Engine, Avira Security, Avast Antivirus, and AVG Antivirus. The vulnerability, tracked as CVE-2022-4294, was assigned a score of 7.1, indicating high severity.

According to an advisory published by Norton, four antivirus brands for Windows systems may be affected by a privilege escalation flaw. These types of vulnerabilities allow attackers to gain elevated system access after they initially compromise affected software.Privilege escalation flaws are valuable to attackers since they’re often required for various malicious activities but can get overlooked by developers because of their typically low severity scores.

According to Norton, the bug was fixed with “Avast and AVG Antivirus version 22.10, Norton Antivirus ERASER Engine and Avira Security version 1.1.78.” “We encourage customers to ensure their security software are always updated to the latest version available,” the software provider said. The information in the advisory indicates the flaw was mitigated with updates released starting October 5 for Norton, October 20 for Avast and AVG, and November 22 for Avira.

Researcher Bahaa Naamneh, a technical fellow at cybersecurity firm Crosspoint Labs, was acknowledged by the company in the advisory on mitigating the vulnerability.

Norton, Avira, Avast, and AVG are owned by a multinational software company Gen Digital, formerly known as NortonLifeLick and Symantec Corporation. The company boasts a revenue of over $2.7 billion and employs over 2,700 people.


Level 26
Feb 7, 2023
I wonder what this integration is.
Whilst I am unable to tell you what all integrations are as I don’t work there, the Enhanced Remediation and Side Effects Repair engine is what Norton and Symantec use to remove malware. The engine will use the graph (behavioural blocking information) to perform AGR (automated group remediation). Simply said, it will detect all the junk malware has created (files, folders, registry keys, scheduled tasks) and will shred them for good. Wherever graph holds no information it will use information from SCRIBE report (online emulation) to determine what needs to be removed as part of the attack.

ERASER is also capable of repairing damaged Windows files.
Last edited:
  • Like
Reactions: franz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.