Author Topic: Many Anti-Virus Flawed - Some Fixed  (Read 391 times)

Zeus

Many Anti-Virus Flawed - Some Fixed
« on: November 13, 2017, 09:44:57 pm »
It seems that many anti-virus programs out there have (or have had) a flaw that allows an attacker to quarantine malicious code and then move it to a different location. This would allow the code to be executed once it's been improperly quarantined, and is kind of a big deal. The downside is that while some companies have patched this issue, there are probably more of them that haven't. Make sure you have proper backups with software such as Acronis - and for the love of God, don't open attachments from people you don't know.

   "AVGater can be used to restore a previously quarantined file to any arbitrary filesystem location. This is possible because the restore process is most often carried out by the privileged AV Windows user mode service. Hence, file system ACLs [Access Control Lists] can be circumvented (as they don't really count for the SYSTEM user). This type of issue is called a privileged file write vulnerability and can be used to place a malicious DLL anywhere on the system," Bogner explained.

   Source: TheInquirer

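The check whose absence the quote describes, as an added example that is not part of the original post and not any vendor's code: a restore goes only to the path recorded at quarantine time, and only if the requesting user could write there without the service's privileges. `safe_restore`, `RestoreDenied` and the `user_can_write` callback are hypothetical names; the callback stands in for an access check made as the caller, and all paths and file contents are constructed.

```python
import os
import shutil
import tempfile

class RestoreDenied(Exception):
    """Restore request failed a destination check."""

def safe_restore(quarantined, recorded_origin, requested_dest, user_can_write):
    """Restore only to the recorded origin, and only if the caller could write
    there; user_can_write(dir) is a hypothetical per-user access check."""
    origin = os.path.realpath(recorded_origin)
    dest = os.path.realpath(requested_dest)
    if dest != origin:
        raise RestoreDenied(f"{dest} is not the recorded origin {origin}")
    if not user_can_write(os.path.dirname(dest)):
        raise RestoreDenied(f"caller may not write to {os.path.dirname(dest)}")
    shutil.copyfile(quarantined, dest)
    return dest

def demo():
    root = os.path.realpath(tempfile.mkdtemp())
    user_dir = os.path.join(root, "user")
    system_dir = os.path.join(root, "system")
    os.makedirs(user_dir)
    os.makedirs(system_dir)
    vault = os.path.join(root, "vault.bin")
    with open(vault, "wb") as fh:
        fh.write(b"constructed sample, not a real binary")
    user_file = os.path.join(user_dir, "sample.dll")
    system_file = os.path.join(system_dir, "sample.dll")
    def user_can_write(directory):  # constructed ACL: user_dir only
        return directory == user_dir
    requests = {  # name: (origin recorded at quarantine, requested destination)
        "back_to_origin": (user_file, user_file),
        "different_location": (user_file, system_file),
        "origin_not_writable": (system_file, system_file),
    }
    results = {}
    for name, (origin, dest) in requests.items():
        try:
            safe_restore(vault, origin, dest, user_can_write)
            results[name] = "restored"
        except RestoreDenied:
            results[name] = "denied"
    results["system_dir_empty"] = os.listdir(system_dir) == []
    return results

if __name__ == "__main__":
    print(demo())
```

Only the request that returns the file to its recorded, user-writable origin succeeds; the other two are refused and the protected directory stays empty.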