When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Microsoftand Kasperskyssecurity productscan be tricked into deleting legitimate files, possibly bricking entire applications, experts have warned.
Cybersecurity researchers from SafeBreach discussed their findings during the Black Hat Asia conference in Singapore,The Registerreports.
In theory, hackers would be able to delete peoples files remotely.
The signature would make it into the database, tricking the security program to delete the entire thing.
In another example, an attacker could add the signature to a comment of a video.
We could really destroy a production database all over the world, and this could be irreversible.
So we were really scared to give a shot to do it ourselves, The Register cited the researchers.
Initially, Microsoft acknowledged the findings.
The vulnerability was registered under CVE-2023-24860, and patched in April 2023.
It was “planning some improvements to mitigate this issue,” though.
The researchers didnt fully stop there.
Both Kaspersky and Microsofts solutions worked at face level, but they wanted to dig deeper.
They deemed Kaspersky not popular enough to warrant further investigation, so they focused on Microsoft.
They managed to work around the initial patch, triggering the creation of CVE-2023-3601 in December 2023.
The researchers concluded that, for fully address this problem, Defender should be redesigned from the ground up.
