Description
Kaspersky Lab has fixed a vulnerability found by Cybellum Technologies which made a DLL Hijacking attack possible, via an undocumented feature of Microsoft Application Verifier. This allows the attacker to inject code into most OS processes, not just security solutions. It should be mentioned that this attack can only be performed through a local vector, when the attacker has already penetrated the device. The attacker has to infect the attacked computer with malicious software in advance, and escalate its privilege on the device in order to register a new Application Verifier Provider DLL – both actions require an attacker to use a range of other tools.
Fixed Versions
The detection and blocking of this malicious scenario has been added to all Kaspersky Lab products from 22 March. In order to stay protected, Kaspersky Lab recommends all customers keep their security solutions up to date and do not disable behavior-based detection features.
Kaspersky Lab will also incorporate additional protection measures into the next updates to its flagship security products. These will block the attack attempts described at different levels. The security solutions to be updated accordingly are:
- Kaspersky Anti-Virus 2018
- Kaspersky Internet Security 2018
- Kaspersky Total Security 2018
- Kaspersky Small Office Security 2018
Acknowledgments
We would like to extend our thanks to Cybellum Technologies for reporting this bug to Kaspersky Lab.