AV products vulnerable to attack through Microsoft Application Verifier.

Okay, you know better. Have a nice day!

It seems that the Avast Business Security 17.2.2517 build 17.2.3419.64 is still UNProtected at the moment… or is there something special that we have to do to get this turned on?

FYI — running Windows 10 (fully up-to-date).

Avast, statement attributed to Ondrej Vlcek, CTO and GM of consumer business: “We were alerted by Cybellum last year through our bug bounty program to a potential self-defense bypass exploit. We implemented the fix at the time of reporting and therefore can confirm that both the Avast and AVG 2017 products, launched earlier this year, are not vulnerable. It is important to note that the exploit requires administrator privileges to conduct the attack and once that's the case, there are numerous other ways to cause damage or modify the underlying operating system itself. Therefore, we rate the severity of this issue as "low" and Cybellum's emphasis on the risk of this exploit to be overstated.”

https://www.scmagazine.com/microsoft-tool-exploit-doubleagent-can-turn-antivirus-software-into-your-worst-enemy/article/646173/

Should be aware, though, that in Windows 10 those logging in with their MS Account (the default) run as administrator at all times. While not difficult to set up, MS kind of hides the ability to use local accounts, and if somebody with a local standard (non-admin) account ever starts using their MS Account (which automatically changes the user account to administrator) it's quite fiddly and time-consuming to reverse the process. So simply brushing off an issue because “if they’re admin they can do anything” is perhaps not realistic?

@mjbrady,
I believe the Admin reference was primarily directed toward those still using an older version of Avast.

@mjbrady

I personally have used a Microsoft account all the time since Windows 8.0, 8.1, and Windows 10 Pro. I always set my secondary local account as Admin and personally change my Microsoft Account login to Standard user, so no, it doesn’t run as Admin all the time. To change the account type: open Control Panel, User Accounts, Change account type, switch the local account to Admin, then switch the Microsoft Account login to Standard. Done.

Avast works fine, all programs do as well

Sometimes I get a popup from UAC for the Admin account password, but otherwise I don’t mind that at all

Just thought I’d point that out regarding that
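
To check the point discussed in the posts above on a given machine, the following PowerShell lists the members of the local Administrators group and marks Microsoft-account logins. It is an added example, not part of any post in this thread; it assumes Windows 10 with the built-in Microsoft.PowerShell.LocalAccounts module, and the report column names are chosen here for illustration.

```powershell
# Added example: audit who holds local administrator rights on this machine.
# S-1-5-32-544 is the well-known SID of the built-in Administrators group;
# using the SID keeps the query working on non-English Windows installs.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'

# One row per member. ReviewSuggested (illustrative column name) is true for
# Microsoft-account logins, the case the thread is concerned with.
$report = foreach ($m in $admins) {
    [pscustomobject]@{
        Name            = $m.Name
        Type            = $m.ObjectClass
        Source          = $m.PrincipalSource
        ReviewSuggested = ($m.PrincipalSource -eq 'MicrosoftAccount')
    }
}
$report | Format-Table -AutoSize

# Is the account running this script a direct member of Administrators?
$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$isMember = @($admins | ForEach-Object { $_.SID.Value }) -contains $me.User.Value

# Is this particular process elevated? With UAC on, an admin account still
# runs with a filtered token until elevation is approved.
$principal = [System.Security.Principal.WindowsPrincipal]::new($me)
$elevated  = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)

Write-Output ("Current user:            {0}" -f $me.Name)
Write-Output ("Member of Administrators: {0}" -f $isMember)
Write-Output ("Process elevated:         {0}" -f $elevated)

if ($isMember) {
    Write-Output 'Daily-use account has admin rights; consider a separate local admin account and a Standard daily login.'
}
```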

Will 12.3.2280 be patched? I find it to be the most stable version to use.

I doubt that outdated versions get patched.