![]() ![]() The security issue was discovered using the dynamic analysis tool Crusher (made by ). We would like to thank the following researchers who discovered this issue and responsibly reported it: Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy of Institute for System Programming of the Russian Academy of Sciences (ISPRAS). Our applications support automatic updating procedure to make the process of receiving updates easier. To make sure that the fix is installed, a user can check that the antivirus databases are up to date. The fix was delivered to users automatically. The products mentioned above with antivirus databases released in June 2021 and later. An authenticated attacker with user rights could cause Windows crash by running a specially crafted application. Kaspersky has fixed a security issue CVE-2021-27223 in one of its modules, which was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. ![]() We would like to thank Nasreddine Bencherchali who discovered the issues and responsibly reported them to Kaspersky. Also, we recommend the users who can’t use the latest versions of the installers to follow these instructions. The users of already installed products are not affected by these issues. We recommend our customers to use the latest versions of the installers from our website. We access the severity of this issue as Low. To exploit this issue, the attacker needed administrator rights and had to create registry keys pointing to the file they wanted to execute.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |