Sign In

Communications of the ACM

ACM TechNews

Flaws in Top Antivirus Software Could Make Computers More Vulnerable

An antivirus alert.

A cybersecurity researcher found vulnerabilities in popular antivirus solutions.

Credit: The Hacker News

CyberArk researcher Eran Shimony has revealed security vulnerabilities in popular antivirus solutions that could allow malware attackers to gain elevated permissions on the compromised systems.

Antivirus solutions from Kaspersky, McAfee, Symantec, Fortinet, Check Point, Trend Micro, Avira, and Microsoft Defender were impacted but have since been fixed.

The vulnerabilities result from the default discretionary access control lists for the "C:\ProgramData" folder of Windows.

Every user has write and delete permission on the base level of the directory, but there are concerns the flaws could allow a non-privileged process to create a new folder in "ProgramData" that later could be accessed by a privileged process.

The flaws could allow attackers to delete any file in the system or eliminate the content of any file in the system.

From The Hacker News
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account