Researchers at the security company SafeBreach recently discovered a security vulnerability (CVE-2019-8461) in software from the anti-virus software company Check Point. The affected product is the Endpoint Security Initial Client software used on Windows devices, in versions prior to E81.30.
SafeBreach said the vulnerability affects the software's device-assisted framework service. The computer automatically runs the service with SYSTEM privileges at startup, and the service loads a library file named atl110.dll from the folders listed in the PATH environment variable. A hacker can disguise a malicious file as atl110.dll and place it in one of those folders to gain those privileges. As a result, hackers can hide their malware or bypass application whitelisting.
In addition, there are reports that SafeBreach has also found similar vulnerabilities in Trend Micro and Bitdefender products. Check Point has since released a security update to patch this vulnerability.
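Because the service resolves atl110.dll through the folders in PATH, a practical hardening check is to walk PATH in order and list every folder that the current account can write to, or that does not exist yet, along with any copy of the DLL already there. The script below is an added example, not code from SafeBreach or Check Point; the function names are assumptions, and it should be run as a standard (non-administrator) user so the result reflects what a low-privileged account can do.

```python
import os
import tempfile

DLL_NAME = "atl110.dll"  # library name reported on this page


def can_write(directory):
    """True if the current account can create a file in `directory`."""
    try:
        # The probe file is deleted automatically when the block exits.
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def audit_path(path_value, dll_name=DLL_NAME, sep=os.pathsep):
    """Return one finding per unique PATH folder, in search order."""
    findings, seen = [], set()
    for raw in path_value.split(sep):
        entry = raw.strip().strip('"')
        if not entry:
            continue
        key = os.path.normcase(os.path.abspath(entry))
        if key in seen:
            continue
        seen.add(key)
        if not os.path.isdir(entry):
            status = "missing"    # folder could be created later by someone else
        elif can_write(entry):
            status = "writable"   # a file named like the DLL could be dropped here
        else:
            status = "locked"
        present = os.path.isfile(os.path.join(entry, dll_name))
        findings.append({"dir": entry, "status": status, "dll_present": present})
    return findings


def exposed(findings):
    """Folders that need review: writable or missing PATH entries."""
    return [f for f in findings if f["status"] != "locked"]


if __name__ == "__main__":
    for f in exposed(audit_path(os.environ.get("PATH", ""))):
        note = " (copy of DLL found)" if f["dll_present"] else ""
        print(f'{f["status"]:8} {f["dir"]}{note}')
```

Any folder it reports should have its permissions tightened or be removed from the system PATH, and a reported copy of the DLL should be verified against a known-good source.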