Status
Not open for further replies.

Kaspersky Fixes Bugs That Allowed Attackers to Crash Its Antivirus

3K views 0 replies 1 participant last post by  JMH3143 
Russian security vendor Kaspersky Lab has recently patched four vulnerabilities in its flagship product, the Kaspersky Internet Security Suite, which allowed attackers to crash the antivirus and disclose information from the computer's memory.

The Cisco Talos team has identified these four issues (CVE-2016-4304, CVE-2016-4305, CVE-2016-4306, and CVE-2016-4307) affecting the product's KLIF, KLDISK and KL1 drivers, used to interact with underlying Windows APIs.

One bug is an information disclosure vulnerability, and the other three are DoS (Denial of Service) issues that crash the application.

DoS bugs are considered annoying at best and are low-priority security issues in most software applications, but this doesn't apply to antivirus engines (or "security systems," since nobody calls them antiviruses anymore).

"Although these vulnerabilities are not particularly severe, administrators should be aware that security systems can be used by threat actors as part of an attack, and keep such systems fully patched," the Cisco Talos team notes in their advisory.