A good number of internet security suites carry worrying flaws that could leave users open to exploitation, according to some new research.
Cybersecurity firm enSilo found no fewer than six common problems affecting over 15 different AV products, all of which derive from the faulty implementation of code hooking (used to monitor operating system functions) and injection techniques.
Microsoft's Detours, the most widely used hooking engine, is affected.
Attackers can use these flaws to get around exploit mitigations in Windows (or in other apps), and the affected security suites include many of the major players such as AVG, Avast, Bitdefender, Kaspersky, McAfee, Symantec, Emsisoft and Webroot, among others.
All of these antivirus makers have been informed, and some have moved to fix the issue in the last month, enSilo noted – without specifying any names. The bad news is that patching this one up involves recompiling the product in question, so it's far from a trivial fix.
It's not just security suites that are hit by this, either: the Detours hooking engine is used by many software makers, so this flaw could affect a large number of other programs and potentially millions of users.
In a blog post, enSilo observed: "Most of these vulnerabilities allow an attacker to easily bypass the operating system and third-party exploit mitigations. This means an attacker may be able to easily leverage and exploit these vulnerabilities that would otherwise be very difficult, or even impossible, to weaponise.
"The worst vulnerabilities would allow the attacker to stay undetected on the victim's machine or to inject code into any process in the system."
The good news, such as it is, is that Microsoft has a patch to address this inbound for Detours next month. And hopefully security firms are on the ball with their own fixes – it might be a good idea to get in touch with your provider to check up on whether these issues have been addressed.
Update: We've heard from Webroot, with Eric Klonowski, Senior Advanced Threat Research Analyst, telling us: "Webroot has fully patched this vulnerability. enSilo contacted us about this vulnerability during the last week of December, and our team corrected it the following week. As security is our top priority, all Webroot customers received this update from the cloud immediately after release."
Via: PC World