A vulnerability in free version of Bitdefender Antivirus could be used by intruders to gain system rights in Windows.
The specific vulnerabilities (privilege escalation vulnerabilities) are used at a later stage of an attack, since the hacker has already compromised the victim's computer and needs elevated privileges to run some malicious code as a power user.
The vulnerability is identified with the code CVE-2019-15295, and due to the lack of verification of the binaries being loaded (that they are signed and originated from a trusted site).
SafeBreach Labs' Peleg Hadar reports that the Bitdefender service (vsserv.exe) and the updater service (updatesrv.exe) were running as signed SYSTEM permissions.
However, they were trying to load a DLL file that does not exist ('RestartWatchDog.dll') in the system path.
One such location is 'c:/python27,' which comes with a list control access control list (ACL from the access control list) that is open to any user authenticated on the computer. This makes privilege escalation possible because a user with normal privileges could "write" the missing DLL and load it from Bitdefender's signed processes.
SafeBreach revealed the vulnerability in Bitdefender on 17 July and on 14 August it was repaired by the security company.
On Monday, Bitdefender released a information for the Antivirus Free 2020 product. So if you are using the app, it is best to update immediately.
Let us remind that the iGuRu.gr in collaboration with the company offers 6 annual licenses for the Bitdefender Total Security 2020, which can be used for different 5 devices.
_______________________
- Mercedes has admitted that your car is watching you
- See the Leonardo da Vinci notebook collection for free
- The Windows Notepad 10 application is now available in the Microsoft Store
- Enable Ransomware Protection in Windows Defender
- Bitdefender 2020 upgrades your security and privacy
- Avast 19.7 with Google Analytics tracking enabled
