A high-severity local privilege-escalation (LPE) vulnerability has been discovered in Kaspersky’s VPN Secure Connection for Microsoft Windows; it would allow an attacker to gain administrative privileges and take full control over a victim’s computer.
Tracked as CVE-2022-27535, the bug carries a high-severity CVSS score of 7.8 out of 10, according to an advisory out today from Synopsys, which discovered the issue. It exists in the Support Tools part of the application and allows a regular user to use the “Delete service data and reports” function to remove a privileged folder.
While remote code execution (RCE) bugs tend to hog the patching spotlight, LPE flaws deserve recognition as they’re often linchpins within a wider attack flow. After cybercriminals gain initial access to a target via RCE or social engineering, they generally use LPEs to boost their privileges from a normal user profile to SYSTEM – i.e., the highest privilege level in the Windows environment.
With these kinds of local admin privileges, an attacker can then gain further access to the network, and ultimately a company’s crown jewels.
“A fully compromised computer would allow an attacker access to websites, credentials, files, and other sensitive information that could be useful by itself, or useful in moving laterally inside a corporate network,” Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, tells Dark Reading.
Kaspersky’s VPN Secure Connection offers remote workers a supposedly secure way to tie back to a corporate network and resources, and Knudsen notes that the bug discovery points out an important truism: “All software has vulnerabilities, even security software. The key to releasing better, more secure software is using a development process where security is part of every phase.”
He adds that Synopsys hasn’t seen any exploitation of the bug, but “most likely attackers will take note of it as a possible technique.” Users should upgrade to version 21.7.7.393 or later to patch their systems.
Source: https://www.darkreading.com/endpoint/high-severity-bug-kaspersky-vpn-client-pc-takeover