A vulnerability in free version of Bitdefender Antivirus could be used by intruders to gain system rights in Windows.
The specific vulnerabilities (privilege escalation vulnerabilities) are used in a later stage of one attacks, since the hacker has already breached the victim's computer and needs elevated rights to run some malicious code as a power user.
The vulnerability is identified by the code CVE-2019-15295, and due to the lack of verification of the binaries being loaded (that they are signed and originated from a trusted site).
SafeBreach Labs' Peleg Hadar reports that the Bitdefender service (vsserv.exe) and the updater service (updatesrv.exe) were running as signed SYSTEM permissions.
However, they were trying to load one archive DLL that does not exist ('RestartWatchDog.dll') in system path.
One such location is 'c:/python27,' which comes with an access control list (ACL from access control list) which is open to any user who is authenticated on the computer. This makes privilege escalation possible because a user with normal privileges could "write" the missing DLL and load it from Bitdefender's signed processes.
SafeBreach disclosed the vulnerability to Bitdefender on July 17, and on August 14 it was patched by the company security.
On Monday, Bitdefender released an update for the product Antivirus Free 2020. So if you are using the app, it is best to update immediately.
Recall that iGuRu.gr in partnership with the company offers 6 annual licenses for the Bitdefender Total Security 2020, which can be used for different 5 devices.
_______________________
- Mercedes has admitted that your car is watching you
- See the Leonardo da Vinci notebook collection for free
- The Windows Notepad 10 application is now available in the Microsoft Store
- Enable Ransomware Protection in Windows Defender
- Bitdefender 2020 upgrades your security and privacy
- Avast 19.7 with Google Analytics tracking enabled
