October 25, 2020

Researchers have found security vulnerabilities in some mainstream anti-virus software


People install security software mainly to protect their devices and to avoid data leakage or file loss caused by viruses.

But security software is also software, and software is bound to have vulnerabilities that may be exploited. As a result, security software can sometimes become a springboard for viruses.

Network security researchers recently disclosed vulnerabilities found in some mainstream anti-virus software that can let attackers escalate their privileges and endanger system security.

These vulnerabilities were fixed before the vulnerability information was released, so users only need to keep their anti-virus software turned on and updating automatically to receive the fixes.

Anti-virus software usually needs to be audited and certified by Microsoft. Once the audit and certification have been granted, the anti-virus software runs with extremely high permissions so that it can prevent virus damage.

These permissions include deleting files from any location, even system files, and such permissions can also be abused.

For example, in the Windows XP era, McAfee once treated a certain system file as a virus and removed it. As a result, a large number of computers kept crashing and restarting.

Researchers found that some anti-virus software configures its permissions improperly, so the permissions granted by Microsoft can be used to delete files or to raise file permissions.

Attackers can use this permission to delete specific files, then create symbolic links that point to malicious files, and then use the anti-virus software to escalate privileges.
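The weakness described above comes down to a privileged process deleting a file through a path that a less privileged user can redirect with a link. The following Python example is added here as an illustration and is not code from the article, the researchers or any vendor: it shows a delete routine that refuses to traverse symbolic links. It uses POSIX calls, and `safe_delete`, `UnsafePathError`, `demo` and the sandbox file names are hypothetical.

```python
import os
import stat
import tempfile

class UnsafePathError(Exception):
    """A path component is a link or not the expected file type."""

def safe_delete(root, relpath):
    """Delete root/relpath without following a symbolic link on the way."""
    parts = [p for p in relpath.split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise UnsafePathError("path must stay inside the root")
    # O_NOFOLLOW makes open() fail if the component is a symlink.
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dir_fd = os.open(root, flags)
    try:
        for name in parts[:-1]:
            try:
                next_fd = os.open(name, flags, dir_fd=dir_fd)
            except OSError as exc:
                raise UnsafePathError(f"{name}: not a real directory") from exc
            os.close(dir_fd)
            dir_fd = next_fd
        leaf = parts[-1]
        info = os.stat(leaf, dir_fd=dir_fd, follow_symlinks=False)
        if not stat.S_ISREG(info.st_mode):
            raise UnsafePathError(f"{leaf}: not a regular file")
        # Unlink relative to the verified directory handle, not a path string.
        os.unlink(leaf, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)

def demo():
    """Constructed sandbox: one real file, one link leading outside the root."""
    base = tempfile.mkdtemp()
    root, outside = os.path.join(base, "quarantine"), os.path.join(base, "protected")
    os.makedirs(os.path.join(root, "real"))
    os.makedirs(outside)
    for path in (os.path.join(root, "real", "sample.bin"), os.path.join(outside, "system.dat")):
        open(path, "w").close()
    os.symlink(outside, os.path.join(root, "redirect"))
    safe_delete(root, "real/sample.bin")
    try:
        safe_delete(root, "redirect/system.dat")
        blocked = False
    except UnsafePathError:
        blocked = True
    return (blocked, os.path.exists(os.path.join(outside, "system.dat")),
            os.path.exists(os.path.join(root, "real", "sample.bin")))
```

Calling `demo()` reports that the redirected delete was blocked, the file outside the root still exists, and the legitimate file was removed.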

After examining mainstream anti-virus software, the security researchers found that many security products have similar privilege escalation vulnerabilities. The vulnerabilities have been fixed.

The affected anti-virus software is as follows:

| Antivirus | Vulnerability |
| --- | --- |
| Kaspersky Security Center | CVE-2020-25043, CVE-2020-25044, CVE-2020-25045 |
| McAfee Endpoint Security and McAfee Total Protection | CVE-2020-7250, CVE-2020-7310 |
| Symantec Norton Power Eraser | CVE-2019-1954 |
| Fortinet FortiClient | CVE-2020-9290 |
| Check Point ZoneAlarm and Check Point Endpoint Security | CVE-2019-8452 |
| Trend Micro HouseCall for Home Networks | CVE-2019-19688, CVE-2019-19689, and three more unassigned flaws |
| Avira | CVE-2020-13903 |
| Microsoft Defender | CVE-2019-1161 |

Via: thehackernews