Security researchers at Sentinel One they discovered two serious vulnerabilities in Avast and AVG security products that have been around for 10 years and endanger millions of users. The vulnerabilities are in Avast's anti-rootkit driver (which is also used by AVG).
Intruders can use vulnerabilities to capture the entire Windows system.
Avast and AVG applications are among the most widely used antivirus programs, and the existence of the two security vulnerabilities puts many users around the world at risk of cyber attacks.
CVE-2022-26522 and CVE-2022-26523
The Anti Rootkit driver developed by Avast is supposed to protect Windows systems from installing rootkits. When the Avast bought AVG, the same driver was adopted in both protection applications.
Unfortunately, older versions of the driver had the CVE-2022-26522 and CVE-2022-26523 vulnerabilities discovered by Sentinellabs. Both vulnerabilities are labeled with a high degree of severity, as they make users' systems vulnerable to highly effective attack methods. Intruders can gain increased privileges which allows them to run code in kernel mode with normal user rights.
Security vulnerabilities not only allow permissions to increase but also disable security products, replace system components, corrupt the operating system, or run malware unhindered. This can be achieved because the anti-rootkit driver operates at the highest level of operating system privileges.
Avast was warned in December 2021
Security researchers informed Avast of their findings in December 2021. Since then, the company has been releasing security updates.
At this time, SentinelLabs has no evidence that exploit is currently in use.
According to Avast, the vulnerable driver was added to Avast 12.1, which was released in January 2012.