From Avast to Windows Defender, this exploit allows your antivirus to delete … harmless files


Alexander Schmid

December 13, 2022 at 5:40 p.m.


A vulnerability present in some antivirus products can be used to prevent the deletion of a malicious file and to cause the deletion of a legitimate file instead.

Many antivirus solutions can be tricked into deleting completely legitimate files from the systems they are supposed to protect, according to a proof-of-concept published by Or Yair, a security researcher at SafeBreach.

A harmless file deleted instead of the dangerous file

Yair explains that the vulnerability belongs to a well-known category of bug, time-of-check to time-of-use (TOCTOU). By exploiting this flaw, code can insert an alternate path after the malware has been detected, so that a legitimate file is deleted rather than the malicious one. According to his report, it is even possible for system files to be deleted in this way.

The researcher who studied this vulnerability calls it Aikido, in reference to the Japanese martial art based on exploiting the movements and strength of opponents and turning them against those opponents. The analogy makes sense once you understand how the exploit works.
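The check-then-delete race described above, as an added illustration that is not SafeBreach's proof of concept or any vendor's code: a POSIX analogue in Python that compares deleting by path with deleting through a directory descriptor pinned at scan time. The `Detection` record, the function names and the temporary directory tree are assumptions constructed for this example.

```python
import os, stat, tempfile
from collections import namedtuple

# Hypothetical record of what a scanner pins at time of check.
Detection = namedtuple("Detection", "path dir_fd name dev ino")

def scan(path):
    """Time of check: pin the parent directory and record the file's identity."""
    parent, name = os.path.split(os.path.abspath(path))
    dir_fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY)
    st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
    return Detection(path, dir_fd, name, st.st_dev, st.st_ino)

def delete_by_path(det):
    """Weak: time of use re-resolves the whole path and trusts it is unchanged."""
    os.unlink(det.path)

def delete_pinned(det):
    """Hardened: act inside the pinned directory and re-verify the identity."""
    st = os.stat(det.name, dir_fd=det.dir_fd, follow_symlinks=False)
    if (st.st_dev, st.st_ino) != (det.dev, det.ino) or not stat.S_ISREG(st.st_mode):
        raise PermissionError("object changed since detection, refusing to delete")
    os.unlink(det.name, dir_fd=det.dir_fd)

def simulate(delete_fn):
    """Constructed scenario: the flagged file's parent directory is replaced by
    a link to another directory between the scan and the deletion."""
    with tempfile.TemporaryDirectory() as root:
        flagged = os.path.join(root, "flagged")
        protected = os.path.join(root, "protected")
        for d in (flagged, protected):
            os.mkdir(d)
            with open(os.path.join(d, "sample.bin"), "w") as f:
                f.write(os.path.basename(d))
        det = scan(os.path.join(flagged, "sample.bin"))
        os.rename(flagged, flagged + ".moved")  # the path changes after the check
        os.symlink(protected, flagged)
        try:
            delete_fn(det)
        finally:
            os.close(det.dir_fd)
        return {"protected_kept": os.path.exists(os.path.join(protected, "sample.bin")),
                "detected_removed": not os.path.exists(os.path.join(flagged + ".moved", "sample.bin"))}

if __name__ == "__main__":
    print("by path:", simulate(delete_by_path))
    print("pinned: ", simulate(delete_pinned))
```

The path-based routine removes the file in the unrelated directory and leaves the detected one in place; the pinned routine removes only the object that was scanned and refuses if that object has been replaced.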


Windows Defender, Avast, AVG and Trend Micro fixed the security flaw

The security flaw exists in several popular antivirus products, including Windows Defender, Defender for Endpoint, SentinelOne EDR, Avast, AVG, and Trend Micro. Also tested, McAfee and BitDefender are apparently not affected by this problem.

But Yair points out that in the case of Windows Defender, Aikido deletes entire folders, not just files. The proof of concept was presented at the Black Hat Europe 2022 security conference, and antivirus software vendors have already been able to develop patches to close this vulnerability.

Microsoft has assigned it the identifier CVE-2022-37971 and fixed the bug in Microsoft Malware Protection Engine version 1.1.19700.2. A patch has also been deployed by Trend Micro (Hotfix 23573, Patch_b11136) as well as by Avast and AVG (update 22.10).

Source: Neowin, SafeBreach
