Kaspersky has fixed a security issue, CVE-2022-27534, that was located in a data parsing module and potentially allowed an attacker with ordinary user privileges to execute arbitrary code. The security issue was discovered using the dynamic analysis tool Crusher (made by ). We would like to thank the following researchers who discovered this issue and responsibly reported it: Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy of Institute for System Programming of the Russian Academy of Sciences (ISPRAS). Our applications support an automatic update procedure to make the process of receiving updates easier. To make sure that the fix is installed, a user can check that the antivirus databases are up to date. The fix was delivered to users automatically. The products mentioned above with antivirus databases released in June 2021 and later. An authenticated attacker with user rights could cause a Windows crash by running a specially crafted application. Kaspersky has fixed a security issue, CVE-2021-27223, in one of its modules, which was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. We would like to thank Nasreddine Bencherchali who discovered the issues and responsibly reported them to Kaspersky. Also, we recommend that users who can’t use the latest versions of the installers follow these instructions. The users of already installed products are not affected by these issues. We recommend that our customers use the latest versions of the installers from our website. We assess the severity of this issue as Low. To exploit this issue, the attacker needed administrator rights and had to create registry keys pointing to the file they wanted to execute.
The third issue allowed an attacker to unnoticeably run an adversarial executable instead of running the uninstaller intended to remove the third-party security products when installing Kaspersky solutions. We assess the severity of these issues as Low. This security issue allowed an attacker to legitimately run a third-party executable in the context of the installation process. Two reported issues relate to two executables from the products’ installers that could be utilized separately from the product. The Kaspersky team has fixed three security issues in the installers of Kaspersky products for home, the Kavremover tool, and Kaspersky Endpoint Security.