Mitigation

Microsoft has provided a new design concept for antivirus vendors called Protected Processes. The new concept is specially designed for antivirus services. Antivirus processes can be created as “Protected Processes” and the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks. This means that even if an attacker found a new Zero-Day technique for injecting code, it could not be used against the antivirus as its code is not signed. Currently no antivirus (except Windows Defender) has implemented this design, even though Microsoft made this design available more than 3 years ago. It’s important to note that even if the antivirus vendors blocked the registration attempts, the code injection technique and the persistency technique would live forever since it’s a legitimate part of the OS.
More info here: LINK.

This is one more reason to bring back the Early Launch Antimalware (the security component that you removed for unknown reasons after acquiring AVG), which is a prerequisite for registering the Avast service as a protected antimalware service. AVG has been patched, what about Avast?

So, that's a feature MS introduced in Win 8.1. Does that mean that feature would not be available in Win 7 and so the antivirus program will always be vulnerable? Does anyone know?
Only Avast 12.3 (and older) version is vulnerable.

Quote from: Spec8472 on March 22, 2017, 11:23:43 AM
> Only Avast 12.3 (and older) version is vulnerable.

The tests were done on the latest version of the vendor on Windows 10 x64 using our POC code.

Quote from: Be Secure on March 22, 2017, 11:39:13 AM
> Quote from: Spec8472 on March 22, 2017, 11:23:43 AM
> > Only Avast 12.3 (and older) version is vulnerable.
>
> The tests were done on the latest version of the vendor on Windows 10 x64 using our POC code.

Spec is right, read here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5567
Technical details: https://forum.avast.com/index.php?topic=66267.msg1379910#msg1379910

Quote from: Asyn on March 22, 2017, 11:42:25 AM
> Quote from: Be Secure on March 22, 2017, 11:39:13 AM
> > Quote from: Spec8472 on March 22, 2017, 11:23:43 AM
> > > Only Avast 12.3 (and older) version is vulnerable.
> >
> > The tests were done on the latest version of the vendor on Windows 10 x64 using our POC code.
>
> Spec is right, read here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5567
> Technical details: https://forum.avast.com/index.php?topic=66267.msg1379910#msg1379910

Vulnerability is fixed in version 17??

Quote from: Be Secure on March 22, 2017, 11:44:37 AM
> Quote from: Asyn on March 22, 2017, 11:42:25 AM
> > Quote from: Be Secure on March 22, 2017, 11:39:13 AM
> > > Quote from: Spec8472 on March 22, 2017, 11:23:43 AM
> > > > Only Avast 12.3 (and older) version is vulnerable.
> > >
> > > The tests were done on the latest version of the vendor on Windows 10 x64 using our POC code.
> >
> > Spec is right, read here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5567
> > Technical details: https://forum.avast.com/index.php?topic=66267.msg1379910#msg1379910
>
> Vulnerability is fixed in version 17??

Yep.

Also, don't worry about anti-malware processes; all our services are anti-malware processes in both Avast/AVG (starting with version 17).
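
One way to check on an endpoint that the antivirus services are registered as protected anti-malware services, and that an ELAM driver is installed. This is an added example, not code from the thread or from Avast; the `*Avast*` display-name filter and the function names are assumptions.

```powershell
# Added example (not vendor code). LaunchProtected values follow the
# SERVICE_LAUNCH_PROTECTED_* constants in winsvc.h.
$ProtectionNames = @{ 0 = 'None'; 1 = 'Windows'; 2 = 'WindowsLight'; 3 = 'AntimalwareLight' }
$ServicesRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceLaunchProtection {
    param(
        # Assumption: display-name pattern of the product being audited.
        [string]$DisplayNamePattern = '*Avast*'
    )
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $DisplayNamePattern } |
        ForEach-Object {
            # A missing LaunchProtected value means the service is not protected.
            $raw = (Get-ItemProperty -Path "$ServicesRoot\$($_.Name)" -Name LaunchProtected `
                        -ErrorAction SilentlyContinue).LaunchProtected
            $level = if ($null -eq $raw) { 0 } else { [int]$raw }
            $name  = if ($ProtectionNames.ContainsKey($level)) { $ProtectionNames[$level] }
                     else { "Unknown($level)" }
            [pscustomobject]@{
                Service     = $_.Name
                State       = $_.State
                Protection  = $name
                # AntimalwareLight is the level an ELAM-backed AV service registers with.
                IsProtected = ($level -eq 3)
                ImagePath   = $_.PathName
            }
        }
}

function Get-ElamDriver {
    # ELAM drivers are installed in the "Early-Launch" load order group.
    Get-ChildItem -Path $ServicesRoot | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p.Group -eq 'Early-Launch') {
            [pscustomobject]@{ Driver = $_.PSChildName; ImagePath = $p.ImagePath }
        }
    }
}

# Report AV services that are running without anti-malware protection.
$unprotected = @(Get-ServiceLaunchProtection | Where-Object { -not $_.IsProtected })
Get-ElamDriver | Format-Table -AutoSize
if ($unprotected.Count -gt 0) {
    Write-Warning "Services without AntimalwareLight protection:"
    $unprotected | Format-Table Service, State, Protection -AutoSize
}
```

The built-in `sc.exe qprotection <service>` command reports the same protection level for a single service.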