Pages

Monday, 12 October 2015

Kaspersky Close Leak That Windows Update Attacker Left Block



The Russian anti-virus firm Kaspersky Lab has closed a vulnerability in Kaspersky Internet Security poem through which attackers could simply block users' access to Windows Update, the Kaspersky website and other websites, as well as the servers of e-mail provider.

The vulnerability was discovered by Google researcher Tavis Ormandy, who earlier other serious problems in the security of Kaspersky Lab laid bare. Earlier Ormandy also found all vulnerabilities in the software from Sophos, ESET and Avast.The problem with the Internet Security package has been caused by a component called the "Network Attack Blocker".This component aims to protect the computer from malicious network activity. Ormandy discovered that it is actually nothing more than a simple stateless packet filter 'that in the event of an attack on the IP address put on a blacklist.

This design made ​​abuse possible, according to Ormandy. For example, the component was found to recognize a forged TCP packets. Also, the filter did not appear to understand the status of the application layer if there is a packet was received. An attacker could create simple abuse of this by sending the signature of an attack to a Kaspersky user, the IP address was falsified. According to Ormandy, the attacker could, for example windowsupdate.microsoft.com can specify as the sender. The Network Attack Blocker could then access to Windows Update are blocked, preventing users from Windows updates would receive more.

The second problem is a possible such scenario, then only via e-mail. In this case, the security component would have blocked user access to its server. Ormandy warned Kaspersky Lab on September 11, after the update was released last Thursday. Then the Google researcher has decided to details of the vulnerabilities disclose.

2 comments:

  1. Hi!
    You must have forgotten to say 'closed' between 'has' and 'a vulnerability' as the fix for this flaw was delivered on Oct. 6 http://support.kaspersky.com/vulnerability.aspx?el=12430#block1 :)

    ReplyDelete