Researchers at EnSilo found vulnerabilities in the way that applications communicate with one another in Windows (specifically, in the code-hooking techniques that security products use to intercept those communications) that could be exploited by an attacker to gain access to the system API (application programming interface). Once exploited, the attacker would be able to inject malicious code into any process on the target computer and to monitor, intercept and/or modify legitimate communications.
An attacker would have to already have access to the target system, but this flaw would reportedly make it easy for an attacker, once on target, to neuter the security platforms running on that system.
Details are sparse, but the researchers are scheduled to present at Black Hat in Las Vegas in early August this year. Reports indicate that some affected vendors (Bitdefender was specifically mentioned in the article) have released updates to mitigate the vulnerability, some vendors (specifically Microsoft and Symantec) have not responded, and some vendors (none specifically noted) have not released any updates or mitigation options as of the time of this article.
Some key things to note here are the importance of layers between untrusted networks and protected hosts, many of which could be instrumental in stopping an attacker before he or she got onto a vulnerable system in the first place:
- Firewalls, which could possibly block the initial attack.
- Intrusion Detection Systems (IDS), which can be network based or host based, to alert on unusual activity.
- Egress filtering: if the attacker is somehow able to get on target, egress filtering can slow down and possibly stop an attacker from getting data (including their shell) out of the target network.
- User training.
Misc / Errata
- The Register – http://www.theregister.co.uk/2016/07/20/hooks_cooked_hackers_crack_tonnes_of_security_apps_for_new_cloak_yoke/
- PC World – http://www.pcworld.com/article/3096963/security/security-software-that-uses-code-hooking-opens-the-door-to-hackers.html
- Bank Info Security – http://www.bankinfosecurity.com/blogs/code-hooking-flaws-affect-millions-office-users-p-2187
- Black Hat – http://blackhat.com/