Following several weeks of speculation over a potentially serious flaw in its antivirus software, Kaspersky Labs has acknowledged the problem and has released a patch.
The vulnerability, made public by independent researcher Alex Wheeler, could allow a hacker to take control of the popular antivirus software by sending a specially crafted CAB file, which crashes the antivirus application.
However, the lab said that the vulnerability is limited to Microsoft Windows-based versions of its products.
This attack, once past the AV scanning engine, could be executed without user intervention. Although some vulnerability testers have rated the flaw "critical," Kaspersky downplayed the threat.
"The actual threat posed by the vulnerability is minimal," Kaspersky said in a statement. The lab has released updates that eliminate the vulnerability; they can be installed using standard updating procedures.
After confirming the vulnerability, the Moscow-based vendor said in a statement, "Kaspersky Lab specialists have taken measures to eliminate the threat related to the CAB module vulnerability."
Kaspersky Labs said that it had previously altered the CAB files used in the software on Sept. 29 to reduce the threat.
No attempts to create and distribute such exploits have been recorded to date, the company said.
The products affected are Kaspersky Anti-Virus Personal, Pro 5.0, Anti-Virus 5.0 for Windows Workstations and Windows File Servers, and Personal Security Suite 1.1.
Adapted from internetnews.com.