BCC Forums

Title: Many Anti-Virus Flawed - Some Fixed
Post by: Zeus on November 13, 2017, 09:44:57 pm
It seems that many anti-virus programs out there have (or have had) a flaw that allows an attacker to quarantine malicious code and then move it to a different location. This would allow the code to be executed once it's been improperly quarantined, and is kind of a big deal. The downside is that while some companies have patched this issue, there are probably more of them that haven't. Make sure you have proper backups with software such as Acronis - and for the love of God, don't open attachments from people you don't know.

   "AVGater can be used to restore a previously quarantined file to any arbitrary filesystem location. This is possible because the restore process is most often carried out by the privileged AV Windows user mode service. Hence, file system ACLs [Access Control Lists] can be circumvented (as they don't really count for the SYSTEM user). This type of issue is called a privileged file write vulnerability and can be used to place a malicious DLL anywhere on the system," Bogner explained.

Source: TheInquirer (https://www.theinquirer.net/inquirer/news/3020913/widespread-anti-virus-flaw-left-users-vulnerable)

Click here to read this article! (http://bcchardware.com/index.php?option=com_content&view=article&id=17728:many-anti-virus-flawed-some-fixed&catid=66:software-news&Itemid=160)