These days, there’s not a week that goes by without news of some serious security breaches, and this month was no different despite the summer break—we can thank in part the BlackHat and DefCon conventions for the flood of new malicious hacks that were revealed in the last few weeks.
The security flaw in BitDefender Antivirus Free 2020 allows an attacker to take over a Windows machine
On Wednesday, researchers from the Silicon Valley-based security firm SafeBreach revealed a critical security flaw in BitDefender’s popular and latest free antivirus for Windows that allows malicious hackers to entirely take over a user’s computer.
“I’ve picked this particular software mainly because it’s a popular one which is probably used by many users, so this kind of vulnerability has a big impact,” Peleg Hadar, the SafeBreach security researcher who discovered the vulnerability, told me. “In my opinion, it’s very important to fix these kinds of issues so people will be more secure.”
The vulnerability is critical because BitDefender’s developers did a sloppy job of verifying that the piece of software they load into memory and execute (a DLL, or dynamic link library) can be trusted, that is, that it is actually the correct file, properly signed by BitDefender. This kind of attack is commonly referred to as DLL hijacking.
Worse, BitDefender’s antivirus service loads the malicious code again every time it restarts, so the implant is persistent and hard to track down.
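A defender’s check for the condition described above, added here as an example that is not from the article, from SafeBreach or from BitDefender: given image-load events of the kind an endpoint sensor records, it flags a signed service loading a DLL that is unsigned, signed by an unexpected publisher, or sitting in a directory an unprivileged user can write to. The service name vendorsvc.exe, the publisher names, the sample events and the directory list are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories only administrators can write to; a DLL loaded from anywhere else could
# have been planted by an unprivileged user (constructed, deliberately minimal list).
PROTECTED_DIRS = (
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
)
OS_PUBLISHER = "Microsoft Windows"  # OS DLLs a vendor service legitimately loads (assumed name)

@dataclass
class ImageLoad:
    """One image-load event, with the fields an endpoint sensor typically records."""
    process: str            # executable that performed the load
    process_publisher: str  # subject of the Authenticode signature on that executable
    module: str             # full path of the DLL being loaded
    module_signed: bool     # does the DLL carry a valid Authenticode signature?
    module_publisher: str   # subject of the DLL's signature ("" if unsigned)

def under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive check that `path` lies inside `root` (Windows paths)."""
    p = [s.lower() for s in path.parts]
    r = [s.lower() for s in root.parts]
    return p[: len(r)] == r

def hijack_indicators(ev: ImageLoad) -> list[str]:
    """Return the reasons this load looks like DLL hijacking; an empty list means it looks legitimate."""
    reasons = []
    path = PureWindowsPath(ev.module)
    if not any(under(path, d) for d in PROTECTED_DIRS):
        reasons.append("module loaded from a user-writable location")
    if not ev.module_signed:
        reasons.append("module is unsigned")
    elif ev.module_publisher not in (ev.process_publisher, OS_PUBLISHER):
        reasons.append(f"module signed by unexpected publisher {ev.module_publisher!r}")
    return reasons

# Constructed sample events for a hypothetical signed service 'vendorsvc.exe'.
SAMPLE_EVENTS = [
    ImageLoad("vendorsvc.exe", "Example Vendor Ltd", r"C:\Windows\System32\kernel32.dll", True, "Microsoft Windows"),
    ImageLoad("vendorsvc.exe", "Example Vendor Ltd", r"C:\Program Files\Vendor\helper.dll", True, "Example Vendor Ltd"),
    ImageLoad("vendorsvc.exe", "Example Vendor Ltd", r"C:\ProgramData\Vendor\plugin.dll", False, ""),
    ImageLoad("vendorsvc.exe", "Example Vendor Ltd", r"C:\Program Files\Vendor\update.dll", True, "Somebody Else"),
]

def suspicious_loads(events: list[ImageLoad]) -> dict[str, list[str]]:
    """Map each flagged module path to its indicators."""
    return {ev.module: r for ev in events if (r := hijack_indicators(ev))}

if __name__ == "__main__":
    for module, reasons in suspicious_loads(SAMPLE_EVENTS).items():
        print(module, "->", "; ".join(reasons))
```

In production the same logic runs over Sysmon “Image loaded” or EDR module-load telemetry, where the signature and publisher fields are supplied by the sensor rather than hand-written.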
“The vulnerability gives attackers the ability to load and execute malicious payloads using a signed service,” said Peleg Hadar. “This ability might be abused by an attacker, for example, to achieve Application Whitelisting Bypass for purposes such as execution and evasion.”
I’ve reached out to BitDefender to make sure that the security flaw did not affect the Romanian cybersecurity firm’s other products, including its small office security suite, Antivirus Plus 2020 or GravityZone Security.
“No, it affects only the free product, as stated in the advisory,” Alexandru Catalin Cosoi, Bitdefender’s Chief Security Strategist, confirmed to me. “They are different products. They have different architectures, different UX, a different paradigm.”
BitDefender has also published a security advisory about the vulnerability, along with a patch that corrects the flaw.
Atherton Research Insights
What’s really disconcerting is that these kinds of security exploits, also referred to as “Privilege Escalation” because they can be used to gain access to the Windows operating system’s most privileged user account, are not new and have been going on for years.
Most recently, Peleg found the same kind of DLL hijacking flaw in Trend Micro’s Password Manager 5.0. The Tokyo-based cybersecurity company eventually released an updated version on August 14 that resolves the vulnerabilities in both the standalone version of its password manager and the version bundled with the latest consumer versions of Trend Micro Security 2019.