CyberNews Briefs

BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk — Update Now

Researchers with SafeBreach have uncovered a critical security flaw in the free version of BitDefender’s antivirus solution that can enable hackers to take over Windows machines running the vulnerable software. The issue has now been patched.

The flaw stems from the fact that the software does not adequately verify whether a certain component it needs to load into memory is actually a trusted DLL file signed by the firm. This allows hackers to carry out a DLL hijacking attack where the BitDefender DLL file is replaced with a malicious copy that will be loaded into memory every time the program runs. This “gives attackers the ability to load and execute malicious payloads using a signed service.” In other words, because Windows trusts BitDefender, it will trust the DLL component it loads into memory, even if this is actually a malicious file.

Read more: BitDefender Confirms Security Flaw In Free Windows Antivirus 2020, Millions At Risk — Update Now

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.