Researchers have found security vulnerabilities in some mainstream anti-virus software
People install security software mainly to protect their devices and to avoid data leakage or file loss caused by viruses.
But security software is still software: software is bound to have vulnerabilities, and vulnerabilities can be exploited. As a result, security software can itself sometimes become a springboard for viruses.
Network security researchers recently disclosed vulnerabilities found in some mainstream anti-virus software, which can be used to escalate hackers' privileges and endanger system security.
These vulnerabilities were fixed before the vulnerability information was released, so users only need to keep their anti-virus software turned on and updating automatically to receive the fixes.
Anti-virus software usually needs to be audited and certified by Microsoft. Once it has passed audit and certification, the anti-virus software runs with extremely high permissions so that it can prevent damage from viruses.
These permissions include deleting files in any location. Anti-virus software can even delete system files directly, and these permissions can also be abused.
For example, in the Windows XP era, McAfee once treated a certain system file as a virus and removed it. As a result, a large number of computers were stuck in a loop of crashing and restarting.
Researchers found that some anti-virus software has improperly configured permissions, so that the privileges granted by Microsoft can be used to delete files or to raise the permissions on files.
Attackers can use this to delete specific files, then create symbolic links that point to malicious files, and then use the anti-virus software to escalate privileges.
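The link-redirection problem described above, seen from the defender's side, as an added example (not code from the researchers or from any vendor): a path-based delete run by a privileged process follows a directory link planted in its work folder, while a descriptor-based walk that refuses links does not. It uses POSIX calls as an analogue of the Windows case, and the directory and file names are constructed for the demonstration.

```python
import os
import tempfile

def naive_delete(root, rel_path):
    """Path-based delete: follows any link planted in an intermediate directory."""
    os.remove(os.path.join(root, rel_path))

def safe_delete(root, rel_path):
    """Walk from root one component at a time, refusing symlinks at every step."""
    parts = [p for p in rel_path.split("/") if p]
    if not parts or ".." in parts:
        raise ValueError("unsafe path")
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(root, flags)
    try:
        for name in parts[:-1]:
            # Raises OSError (ELOOP or ENOTDIR) if this component is a symlink.
            nxt = os.open(name, flags, dir_fd=fd)
            os.close(fd)
            fd = nxt
        # unlink acts on the entry itself and never follows the final component.
        os.unlink(parts[-1], dir_fd=fd)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: 'logs' in the scanner's work dir links to a protected dir."""
    results = {}
    for name, delete in (("naive", naive_delete), ("safe", safe_delete)):
        with tempfile.TemporaryDirectory() as base:
            work = os.path.join(base, "av_work")        # hypothetical work folder
            protected = os.path.join(base, "protected")  # stands in for a system dir
            os.mkdir(work)
            os.mkdir(protected)
            victim = os.path.join(protected, "scan.log")
            open(victim, "w").close()
            os.symlink(protected, os.path.join(work, "logs"))  # redirected directory
            try:
                delete(work, "logs/scan.log")
            except OSError:
                pass  # the hardened version refuses to traverse the link
            results[name] = os.path.exists(victim)  # did the protected file survive?
    return results

if __name__ == "__main__":
    print(demo())
```

Because each directory is opened by descriptor with `O_NOFOLLOW`, there is no gap between checking a path and acting on it in which a link could be swapped in.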
After examining mainstream anti-virus software, the security researchers found that many security products have similar privilege escalation vulnerabilities. These vulnerabilities have already been fixed.
The affected anti-virus software is as follows:
| Antivirus | Vulnerability |
| --- | --- |
| Kaspersky Security Center | CVE-2020-25043, CVE-2020-25044, CVE-2020-25045 |
| McAfee Endpoint Security and McAfee Total Protection | CVE-2020-7250, CVE-2020-7310 |
| Symantec Norton Power Eraser | CVE-2019-1954 |
| Fortinet FortiClient | CVE-2020-9290 |
| Check Point ZoneAlarm and Check Point Endpoint Security | CVE-2019-8452 |
| Trend Micro HouseCall for Home Networks | CVE-2019-19688, CVE-2019-19689, and three more unassigned flaws |
| Avira | CVE-2020-13903 |
| Microsoft Defender | CVE-2019-1161 |
Via: thehackernews