Kaspersky fixes exploit which allowed attackers to block Windows Update and its own servers

by Ashwin, October 12, 2015

A security flaw was spotted in Kaspersky’s line of security products that could be used to block Windows Update.

Kaspersky Internet Security 2016

Oh, and this isn’t specific to Windows 10 apparently.

But I wouldn’t be surprised if you had assumed that and thought “As if Windows 10 didn’t have enough problems already”. We have seen several failed updates messing up the operating system even before the operating system was launched at the end of July.

The exploit in the Kaspersky Antivirus and Internet Security products was discovered by Tavis Ormandy, a Google Project Zero security researcher. If the name sounds familiar, you are not wrong. Ormandy was the man behind the recently unearthed security flaws in Kaspersky, as well as in ESET. Well, that is what a security researcher has to do, and he’s totally killing it.

What was the security issue in Kaspersky?

The security exploit in Kaspersky’s products was possible because, when the product detects a malicious packet (data transfer), it blacklists the IP, thus preventing communication with the bad server.

Attackers could take advantage of this “loophole” to spoof a network packet, which could then trigger the app to block the servers of Windows Update, Kaspersky Update, and the like. The attackers could also embed a virus signature in an email or the metadata of an image, tricking the antivirus into blocking the IP.

So, by using the above tactics to fool the app’s defenses, an attacker could put the user’s system at risk: it would not receive any Windows Update or any update for Kaspersky’s antivirus signature database.
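The design problem described above, as an added sketch that is not Kaspersky's code or its actual fix: a toy blocker that blacklists on any signature match, beside one that only blacklists a source that completed a TCP handshake and is not on a protected list. The Packet type, the signature and the documentation-range addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values: documentation address ranges, not real update servers.
PROTECTED_NETS = [ip_network("198.51.100.0/24")]  # stands in for update servers
SIGNATURE = b"EVIL-TEST-PATTERN"                  # stands in for an attack signature

@dataclass
class Packet:
    src: str              # source address as claimed in the packet header
    payload: bytes
    handshake_done: bool  # True if src completed a TCP three-way handshake

def matches_signature(pkt):
    return SIGNATURE in pkt.payload

def naive_block(pkt, blocklist):
    """Behaviour the article describes: any match blacklists the claimed source."""
    if matches_signature(pkt):
        blocklist.add(pkt.src)
        return True
    return False

def hardened_block(pkt, blocklist):
    """Still a detection, but blacklist only a verified, non-protected source."""
    if not matches_signature(pkt):
        return False
    addr = ip_address(pkt.src)
    if any(addr in net for net in PROTECTED_NETS):
        return False  # never cut off update infrastructure automatically
    if not pkt.handshake_done:
        return False  # claimed source is unverified and may be forged
    blocklist.add(pkt.src)
    return True

def run(policy, packets):
    """Feed packets through a policy and return the resulting blocklist."""
    blocklist = set()
    for pkt in packets:
        policy(pkt, blocklist)
    return blocklist

SAMPLE = [  # constructed traffic
    Packet("198.51.100.10", b"x" + SIGNATURE, False),  # forged source, no handshake
    Packet("198.51.100.20", SIGNATURE + b"y", True),   # signature inside delivered content
    Packet("203.0.113.7", SIGNATURE, True),            # genuinely hostile host
    Packet("192.0.2.5", b"normal traffic", True),      # benign
]

if __name__ == "__main__":
    print("naive:   ", sorted(run(naive_block, SAMPLE)))
    print("hardened:", sorted(run(hardened_block, SAMPLE)))
```
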

There is a bit of good news too, as once Ormandy reported the findings to the Russian security firm, the company acknowledged it and patched the loophole. The bad news is that the antivirus company certainly took its time to patch up the flaw. Ormandy had reported the issue on September 11th, and the fix for it was only rolled out on October 8th, almost a whole month.

Kaspersky released a statement to Softpedia regarding the resolution of the issue. Here is what it said:

Kaspersky Lab has corrected the conditions for blocking IP addresses by the Network Attack Blocker component of our products that could have led to prohibiting access to legitimate network resources.

The security firm confirmed that it has not seen evidence that the vulnerability had been exploited by anyone.

The issue has already been patched and delivered through automatic updates, so your system should be safe by now.