Security researchers at SentinelOne discovered two serious vulnerabilities in the Avast and AVG security products that have been around for 10 years and put millions of users at risk. The vulnerabilities are in Avast's anti-rootkit driver (which is also used by AVG).
Attackers can use the vulnerabilities to take over the entire Windows system.
Avast and AVG are among the most widely used antivirus programs, and the two security flaws put many users around the world at risk of cyber attacks.
CVE-2022-26522 and CVE-2022-26523
The anti-rootkit driver developed by Avast is meant to protect Windows systems against the installation of rootkits. When Avast bought AVG, the same driver was adopted in both protection applications.
Unfortunately, earlier versions of the driver contained the CVE-2022-26522 and CVE-2022-26523 vulnerabilities discovered by SentinelLabs. Both vulnerabilities are rated high severity, as they leave users' systems exposed to highly effective attack methods. Attackers can escalate their privileges, which allows them to run code in kernel mode starting from normal user rights.
The vulnerabilities allow not only privilege escalation but also disabling security products, replacing system components, corrupting the operating system, or running malware unhindered. This is possible because the anti-rootkit driver operates at the highest privilege level of the operating system.
Avast was warned in December 2021
Security researchers informed Avast of their findings in December 2021. Since then, the company has been releasing security updates.
At this time, SentinelLabs has no evidence that the vulnerabilities are being exploited.
According to Avast, the vulnerable driver was added to Avast 12.1, which was released in January 2012.