Four critical vulnerabilities have been reported in Kaspersky Internet Security version 16.0.0 (and probably in other Kaspersky products). Kaspersky has fixed these vulnerabilities with an update.
Kaspersky Security Suite hooks into the Windows API via a driver named KLIF. Version 10.0.0.1532 of this driver contains one kernel memory leak: a malicious program can send crafted IOCTL calls to leak kernel memory content to user space. Three other vulnerabilities can be used to manipulate inaccessible memory content and cause a system crash.
Talos has reported all vulnerabilities to Kaspersky, and the antivirus vendor has shipped an update to fix these security flaws in Kaspersky Security Suite version 16.0.0. Note, however, that other, unnamed products may also be affected.