BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk

August 26, 2019

These days, hardly a week goes by without news of a serious security breach, and this month was no different despite the summer break. We can thank, in part, the BlackHat and DefCon conventions for the flood of new malicious hacks revealed in the last few weeks.

The security flaw in BitDefender Antivirus Free 2020 allows an attacker to take over a Windows machine

On Wednesday, researchers from the Silicon Valley-based security firm SafeBreach revealed a critical security flaw in BitDefender’s popular and latest free antivirus for Windows that allows malicious hackers to entirely take over a user’s computer.

“I’ve picked this particular software mainly because it’s a popular one which is probably used by many users, so this kind of vulnerability has a big impact,” Peleg Hadar, the security researcher at SafeBreach who discovered the security vulnerability, told me. “In my opinion, it’s very important to fix these kinds of issues so people will be more secure.”

The vulnerability is so critical because BitDefender’s developers did a sloppy job of making sure that the piece of software they load into memory and execute (a DLL, or dynamic link library) can be trusted, that is, that it is actually the correct one and is properly signed by BitDefender. This type of exploit is often referred to as DLL hijacking.

Worse, BitDefender’s antivirus service will load the malicious code every time the service is restarted, making the malicious code persistent and invisible to tracking.

“The vulnerability gives attackers the ability to load and execute malicious payloads using a signed service,” said Peleg Hadar. “This ability might be abused by an attacker, for example, to achieve Application Whitelisting Bypass for purposes such as execution and evasion.”
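
A defender-side check for the condition described above, as an added example (not code from SafeBreach, BitDefender or the original article): it lists modules loaded by a service's process that are not validly signed by the expected vendor or by Windows itself. The service name and the signer string are parameters and assumptions, because the article gives neither.

```powershell
# Added example, not the vendor's or researcher's code.
# Lists DLLs loaded by a service's process whose Authenticode signature is
# missing, invalid, or from a signer other than the expected vendor.
# Both parameters are placeholders (assumptions); run from an elevated prompt.
param(
    [Parameter(Mandatory)] [string] $ServiceName,     # service to inspect
    [Parameter(Mandatory)] [string] $ExpectedSigner   # substring of the vendor's certificate subject
)

# Resolve the service to its running process (client-side filter avoids WQL quoting).
$svc = Get-CimInstance Win32_Service | Where-Object Name -eq $ServiceName
if (-not $svc -or $svc.ProcessId -eq 0) {
    throw "Service '$ServiceName' was not found or is not running."
}

# Protected processes deny module enumeration even to administrators,
# so treat both an exception and an empty result as "could not inspect".
try {
    $modules = (Get-Process -Id $svc.ProcessId -ErrorAction Stop).Modules
} catch {
    throw "Cannot enumerate modules of PID $($svc.ProcessId): $_"
}
if (-not $modules) {
    throw "No modules returned for PID $($svc.ProcessId); the process may be protected."
}

$findings = foreach ($m in $modules) {
    $sig     = Get-AuthenticodeSignature -FilePath $m.FileName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Accept only valid signatures from the vendor or from Windows components.
    $valid        = $sig.Status -eq 'Valid'
    $vendorSigned = $valid -and ($subject -like "*$ExpectedSigner*")
    $osSigned     = $valid -and $sig.IsOSBinary

    if (-not ($vendorSigned -or $osSigned)) {
        [pscustomobject]@{
            Path   = $m.FileName
            Status = $sig.Status      # e.g. NotSigned, HashMismatch, Valid (other signer)
            Signer = $subject
        }
    }
}

# Everything listed here needs review; it is a triage list, not a verdict.
$findings | Sort-Object Path | Format-Table -AutoSize
```

Legitimate third-party runtimes signed by other publishers will also appear in the output, so compare each path against a known-good installation before drawing conclusions.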

I reached out to BitDefender to make sure that the security flaw did not affect the Romanian cybersecurity firm’s other products, including its small office security suite, Antivirus Plus 2020 or GravityZone Security.

“No, it affects only the free product, as stated in the advisory,” Alexandru Catalin Cosoi, Bitdefender’s Chief Security Strategist, confirmed to me. “They are different products. They have different architectures, different UX, a different paradigm.”

BitDefender has also published a security advisory regarding the vulnerability, as well as a patch to correct the flaw.

Atherton Research Insights

What’s really disconcerting is that these kinds of security exploits, also referred to as “Privilege Escalation” (which can then be used to gain access to the Windows operating system’s most privileged user account), are not new and have been going on for years.

Most recently, Peleg found the same kind of security flaw, allowing DLL hijacking, in Trend Micro’s Password Manager 5.0. The Tokyo-based cybersecurity company eventually released an updated version on August 14 that resolves the vulnerabilities in both the standalone version of its password manager software and the version packaged with the latest consumer versions of Trend Micro Security 2019.
