Vulnerability in Windows antivirus products (IK-SA-2017-0002)

The protection of users and the quality assurance of our products are of the highest importance to IKARUS, as are transparent communication and the trust of our customers.
We therefore publish information for identifying and eliminating potential vulnerabilities that affect our software packages.

Security specialists have identified a critical vulnerability in a module of our Windows Anti-Virus software.

This vulnerability could be exploited to allow attackers on affected systems to gain unauthorized access to other parts of the system. At the moment there is no active use of this exploit.

In order to ensure the security of our software and customer systems, we recommend that you update immediately to the latest version of our software.

Please forward this information to the responsible people in your company so they can implement this necessary update quickly.

For the exact details please see the following technical description:

Summary:
A privilege escalation and arbitrary write vulnerability was found in all our Windows antivirus products.
The issue affects driver.

Severity: Critical
Successful exploitation of this issue would allow an attacker to overwrite any memory region (including kernel memory) on the client machine with elevated privileges.

Products affected:
The following tool checks if the installation is vulnerable: http://www.ikarussecurity.com/fileadmin/download/IKSA20170002_w32.exe

Available updates:
An update is available. Please note that a complete system restart is necessary in order to replace the affected driver. You can run the previously linked software again to make sure the vulnerability has been resolved.

Acknowledgements:
We would like to thank Parvez Anwar for finding and reporting this vulnerability. It has allowed our development team to respond quickly and to overcome the challenge on time.

 

 

© 2017 IKARUS Security Software GmbH