Google investigation exposes critical flaw in ESET virus scanners

Spread the love

A Google security researcher has discovered a critical vulnerability in antivirus software from the company ESET. Malicious persons can exploit the bug in the so-called remote mini-filter to gain full access to a system undetected.

The mini-filter in various ESET software packages, including antivirus and security packages, is intended to intercept and analyze the data traffic to and from a hard disk or SSD. Code is emulated if it is executable, after which the ESET software can check whether the code is dangerous or not. However, according to Google researcher Tavis Ormandy, the mini-filter is not robust enough, allowing an attacker to launch malicious code by generating I/O traffic on a system. Because this is hardly noticeable and no user interaction is required, a system can be attacked and taken over in silence from a distance.

On Windows systems, according to Ormandy, attackers can gain administrative privileges by accessing the ekrn.exe process. OS X and Linux systems can inherit the esets daemon which has root privileges.

Ormandy claims that he discovered the vulnerability in the ESET security software with only a few days of work and was able to exploit it. He has also published an exploit. Slovakian ESET released updates to the affected software on June 22 to address the issue.

Update, Thursday, 07.23: ESET reports fixing the vulnerability three days after the report.

You might also like
Exit mobile version