Researchers with SafeBreach have uncovered a critical security flaw in the free version of BitDefender’s antivirus solution that can enable hackers to take over Windows machines running the vulnerable software. The issue has now been patched.
The flaw exists because the software does not adequately verify that a component it loads into memory is actually a trusted DLL file signed by the firm. This allows hackers to carry out a DLL hijacking attack, in which the BitDefender DLL file is replaced with a malicious copy that is loaded into memory every time the program runs. This “gives attackers the ability to load and execute malicious payloads using a signed service.” In other words, because Windows trusts BitDefender, it will trust the DLL component it loads into memory, even if this is actually a malicious file.
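A defender can check for the condition described above by auditing what a signed service has actually loaded. The PowerShell function below is an added example, not code from SafeBreach or the vendor: it lists modules in a running process whose Authenticode signature is not valid or whose signer differs from the host executable's signer. The function name, the process name in the usage comment and the Microsoft allow-list pattern are assumptions made for illustration.

```powershell
# Added example: flag loaded modules that are unsigned, tampered with, or signed by
# someone other than the host executable's signer. Run from an elevated prompt.
function Get-UntrustedModule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        # Assumption: OS libraries signed by Microsoft are also acceptable.
        [string[]]$AllowedSignerPattern = @('*O=Microsoft Corporation*')
    )
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
        $exePath = $null; $modules = @()
        try {
            $exePath = $proc.MainModule.FileName
            $modules = @($proc.Modules)
        } catch { }
        if (-not $exePath) {
            # Protected or higher-privileged processes may refuse module enumeration.
            Write-Warning "Cannot read modules of PID $($proc.Id); skipping."
            continue
        }
        $exeSig    = Get-AuthenticodeSignature -LiteralPath $exePath
        $exeSigner = if ($exeSig.SignerCertificate) { $exeSig.SignerCertificate.Subject }
        foreach ($m in $modules) {
            if (-not $m.FileName) { continue }
            $sig    = Get-AuthenticodeSignature -LiteralPath $m.FileName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            $reason = $null
            if ($sig.Status -ne 'Valid') {
                $reason = "signature status: $($sig.Status)"
            } elseif ($signer -ne $exeSigner -and
                      -not ($AllowedSignerPattern | Where-Object { $signer -like $_ })) {
                $reason = 'signer differs from host executable'
            }
            if ($reason) {
                [pscustomobject]@{
                    ProcessId = $proc.Id
                    Module    = $m.FileName
                    Signer    = $signer
                    Reason    = $reason
                }
            }
        }
    }
}
# Usage ('ExampleAvService' is a placeholder process name, not taken from the article):
#   Get-UntrustedModule -ProcessName 'ExampleAvService' | Format-Table -AutoSize
```

An empty result means every readable module was validly signed by the host's signer or an allowed one; any row returned is a file to investigate, starting with its path and write permissions.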