One of Kaspersky’s VPN products had a critical weakness that might have been exploited by a hostile actor to get elevated privileges in a third-party environment had it been identified sooner.
According to a business security statement, these results were validated and users were recommended to apply a fix right away. This year’s first vulnerability was discovered in Kaspersky’s VPN Secure Connection for Windows by researcher Zeeshan Shaikh of the Synopsys Cybersecurity Research Center (CyRC). This vulnerability would enable users to go from “regular” to “admin” status on their account. It was mentioned that in Windows, the SYSTEM account is used.
‘Delete service data and reports’ may be used by normal users to remove privileged folders from the Support Tools section of the programme,” CyRC informs. “And an attacker may get enhanced privileges with that capacity.”
The vulnerability has been renamed CVE-2022-27535 and has been assigned a severity rating of 7.8 out of 10. This places it in the “high-risk” but not “critical” category. No one has been harmed as a result of the issue, according to Kaspersky, so that’s a positive sign. However, users are encouraged to update to version 21.6 or above in order to take advantage of the patch.
Unpatched devices are often targeted by cybercriminals because they are considered low-hanging fruit.
According to CyRC, Kaspersky confirmed Shaikh’s findings and provided a remedy in late May after almost a month of investigation. In late July, Shaikh was able to verify the patch.
Ironically, software like Kaspersky VPN Secure Connection for Windows, which is designed to keep users safe from breaches rather than cause them, was the source of the incident. Data is encrypted and routed across secure networks to servers frequently located outside the country where the VPN client is installed.
Subtly charming pop culture geek. Amateur analyst. Freelance tv buff. Coffee lover