DoubleAgent

What's Bitdefender going to do about this, and how quickly do they think they can release a patch?

https://cybellum.com/doubleagent-taking-full-control-antivirus/

Comments

  • Sorin G.
    edited March 2017


    Hello,
    On November 26th, we were first contacted by Cybellum and made aware of an undocumented feature in Windows that can potentially allow an attacker to inject third party code into any process running on the computer, including those processes that are the building bricks of the operating system itself.


    Cybellum applied this feature to anti-malware solutions, including ours, and supplied a working proof of concept to Bitdefender in early December through the Bitdefender bug bounty program.


    This undocumented feature, Microsoft Application Verifier, ships with all versions of Windows and is used for debugging (troubleshooting application code). The functionality it leverages is not a vulnerability in any exploited product, but rather a feature by design to assist developers in the application creation process.


    While a fix is scheduled for later this year for Bitdefender solutions to prevent this, the fact that, in order for the exploit to be successful, it needs to be executed with administrator rights considerably narrows the attack surface. It's actually easier to uninstall the security solution if you have administrator rights, for example.


    In order to further minimize the potential impact of the Microsoft Application Verifier exploit, Bitdefender recommends that computer administrators and owners enforce the best security practices advocated by the industry: never open unsolicited or unexpected attachments and – most importantly – never run applications as a privileged user.
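    The post above names Application Verifier but not how a provider DLL gets registered, so here is an added defensive audit script (not part of this thread or of Bitdefender's own tooling): it lists Image File Execution Options entries that carry a VerifierDlls value, which is the registration Windows consults to load an Application Verifier provider into a process at start-up. It assumes a Windows host with PowerShell and read access to HKLM; the key paths and the FLG_APPLICATION_VERIFIER value are standard Windows facts, not taken from the thread.

```powershell
# Added example, not from the thread: audit IFEO for Application Verifier provider DLLs.
# Assumes Windows + PowerShell with read access to HKLM (run under an admin account).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-VerifierProviderEntries {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }
            # VerifierDlls is the list of provider DLLs the loader pulls into the named image;
            # GlobalFlag 0x100 (FLG_APPLICATION_VERIFIER) is what turns that loading on.
            if ($props.VerifierDlls) {
                [pscustomobject]@{
                    Image        = $key.PSChildName
                    VerifierDlls = $props.VerifierDlls
                    GlobalFlag   = $props.GlobalFlag
                    Key          = $key.Name
                }
            }
        }
    }
}

$hits = @(Get-VerifierProviderEntries)
if ($hits.Count -eq 0) {
    Write-Output 'No Application Verifier provider DLLs registered under IFEO.'
} else {
    # Verifier providers are a developer/debugging feature; any entry on a production
    # machine deserves review, above all one targeting a security product's processes.
    $hits | Format-Table -AutoSize
}
```

    Running it periodically (or baselining the output once and diffing) turns the registration step the thread describes into something you can see in a change report.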


  • THIS!


    True words @Sorin! A person that's on the net must try to avoid downloading or clicking on untrustworthy stuff, even if the person has a good defence such as a hardware firewall.


    And, most of all, trying to disable potential exploits inside Windows like TEREDO and such. TEREDO is a potentially dangerous exploit in my point of view.



  • Hello,


    In the update today, we have patched the concern reported in this thread.


    Build: 21.0.24.62


  • I would like to read more about it. Could you suggest what literature to study?