Bitdefender fixes a bug in 2020's Free Antivirus

A vulnerability in the free version of Bitdefender Antivirus could be used by attackers to gain SYSTEM privileges on .

Vulnerabilities of this kind (privilege escalation vulnerabilities) are used at a later stage of an attack, after the hacker has already breached the of the victim and needs elevated privileges to run some malicious code as a power user.

The vulnerability is tracked as CVE-2019-15295 and is due to the lack of verification of the binaries being loaded (that they are signed and come from a trusted location).

SafeBreach Labs' Peleg Hadar reports that the Bitdefender service (vsserv.exe) and the updater service (updatesrv.exe) were running as signed processes with SYSTEM permissions.

However, they tried to load a DLL file that does not exist ('RestartWatchDog.dll') from locations on the system path.

One of these locations is 'c:/python27', which comes with an access control list (ACL) that is open to any user authenticated on the computer. This makes privilege escalation possible, because a user with regular rights could write the missing DLL and have it loaded by the signed Bitdefender processes.

SafeBreach disclosed the vulnerability to Bitdefender on July 17, and on August 14 it was patched by the company.

On Monday, Bitdefender released an update for Antivirus Free 2020. So if you are using the app, it is best to update immediately.

Recall that iGuRu.gr, in partnership with the company, offers 6 annual licenses for Bitdefender Total Security 2020, which can be used on 5 different devices.


Written by giorgos
