Have you heard that a security flaw was found in Free Windows Antivirus 2020? This is true. You can read this post to know more about this security flaw. In addition, with MiniTool Partition Wizard, you can rescue your data from virus attack.
Security Flaw in BitDefender’s Free Windows Antivirus 2020
Thanks in part to the Black Hat and DEFCON conventions, a mass of new malicious hacks were revealed in the last few weeks.
Further Reading:
Black Hat was founded in 1997 and has been held for 22 sessions until this year. It has grown from an annual conference in Las Vegas to today’s International Information Security Conference. This year, it was held from August 7 to 8.
This conference is highly technical, with participants including researchers from various companies and governments, providing participants with the latest research, developments, and trends, leading the way in security thinking and technology.
The DEFCON Conference is the world’s top security conference. It was born in 1993 and is held in Las Vegas, USA every July. In 2019, it was held from Aug 8 to 11.
Its participants include experts in computer security, journalists, lawyers, government employees, security researchers, students, hackers, and other members who are interested in computer security.
The covered areas include software security, computer architecture, radio eavesdropping, hardware modifications, and other information areas that are vulnerable. This conference also has a share of cutting-edge technology.
On July 17, researchers from SafeBreach, a Silicon Valley-based security firm, revealed a critical security flaw in BitDefender’s popular and latest free antivirus for Windows. This security flaw in BitDefender Antivirus Free 2020 allows an attacker to entirely take over a user’s computer.
Peleg Hadar, the security researcher at SafeBreach who discovered the security vulnerability, said that the reason why he picked this particular software is that BitDefender is a popular antivirus program which is probably used by many users and this kind of vulnerability will have a big impact.
Peleg Hadar thought it’s very important to fix these kinds of issues so that people will be more secure.
Further reading:
BitDefender is a security software brand from Romania, established in 2001. This security software offers real-time monitoring for viruses, malware and spyware and ransomware. The protection it offers is solid and Bitdefender consistently earns top marks for its antivirus protection and usability from the respected AV-Test independent testing lab.
In addition, Bitdefender Antivirus Free Edition is easy to set up and stays out of your way until you need it.
The Impact of This Security Flaw
The vulnerability exists mainly due to the lack of Code Integrity Protection (CIG) mechanism. The reason why this vulnerability is so critical is that it allows DLL hijacking.
An attacker could exploit this vulnerability to load an arbitrary dynamic link library (DLL) in memory and to execute it. In addition, this malicious payload can be executed and trusted as the correct one which is properly signed by BitDefender. This malicious cyber exploit is often referred to as DLL hijacking.
Through this way, attackers can achieve Application Whitelisting Bypass for purposes such as execution and evasion. What’s worse, BitDefender’s antivirus service will load the malicious code every time it is restarted, making it persistent and invisible to track.
Fortunately, this security flaw affects only the free product and does not affect the Romanian cybersecurity firm’s other products including its small office security suite, Antivirus Plus 2020 or GravityZone Security, because they are different products and they have different architectures, different UX, and different paradigms.
Later, BitDefender published a security advisory regarding the vulnerability as well as a patch to correct the flaw on Aug 14.