A vulnerability in free version of Bitdefender Antivirus could be used by intruders to gain system rights in Windows.
Privilege escalation vulnerabilities are used at a later stage of an attack, after the hacker has already breached the victim's computer and needs elevated privileges to run a malicious code as a power user.
The vulnerability is identified by the code CVE-2019-15295, and due to the lack of verification of the binaries being loaded (that they are signed and originated from a trusted site).
Peleg Hadar of SafeBreach Labs reports that the service of Bitdefender (vsserv.exe) and the updater service (updatesrv.exe) were running as signed processes with SYSTEM privileges.
However, they were trying to load one archive DLL that does not exist ('RestartWatchDog.dll') in system path.
One such location is 'c:/python27,' which comes with a checklist access (ACL from the access control list) that is open to any user who is authenticated on the computer. This makes privilege escalation possible because a user with normal privileges could "write" the missing DLL and load it from Bitdefender's signed processes.
SafeBreach disclosed the vulnerability to Bitdefender on July 17 and on August 14 it was patched by company security.
On Monday, Bitdefender released an update to Antivirus Free 2020. So if you are using the app, it is best to update immediately.
Recall that iGuRu.gr in partnership with the company offers 6 annual licenses for the Bitdefender Total Security 2020, which can be used for different 5 devices.
_______________________
- Mercedes has admitted that your car is watching you
- See the Leonardo da Vinci notebook collection for free
- The Windows Notepad 10 application is now available in the Microsoft Store
- Enable Ransomware Protection in Windows Defender
- Bitdefender 2020 upgrades your security and privacy
- Avast 19.7 with Google Analytics tracking enabled
