High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

A high-severity local privilege-escalation (LPE) vulnerability in Kaspersky’s VPN Secure Connection for Microsoft Windows has been discovered, which could allow an attacker to gain administrative privileges and take full control over a victim’s computer.

Tracked as CVE-2022-27535, the bug carries a high-severity CVSS score of 7.8 out of 10, according to an advisory out today from Synopsys, which discovered the issue. It exists in the Support Tools part of the application and allows a regular user to use the “Delete service data and reports” function to remove a privileged folder.

While remote code execution (RCE) bugs tend to hog the patching spotlight, LPE flaws deserve recognition as they’re often linchpins within a wider attack flow. After cybercriminals gain initial access to a target via RCE or social engineering, LPEs are usually used by attackers to boost their privileges from a normal user profile to SYSTEM – i.e., the highest privilege level in the Windows environment.

With these kinds of local admin privileges, an attacker can then gain further access to the network, and ultimately a company’s crown jewels.

“A fully compromised computer would allow an attacker access to websites, credentials, files, and other sensitive information that could be useful on its own, or useful in moving laterally inside a corporate network,” Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, tells Dark Reading.

Kaspersky’s VPN Secure Connection offers remote workers a supposedly secure way to tie back to a corporate network and resources, and Knudsen notes that the bug discovery points out an important truism: “All software has vulnerabilities, even security software. The key to releasing better, more secure software is using a development process where security is part of every phase.”

He adds that Synopsys hasn’t seen any exploitation of the bug, but “almost certainly attackers will be aware of it as a possible method.” Users should upgrade to version 21.7.7.393 or later to patch their systems.
