An ingenious security flaw that would enable an attacker to actively use anti-virus and anti-malware software to implant a suspicious file on a user's computer has been demonstrated by an Austrian security researcher.
The technique, however, requires the attacker to have local administrative privileges.
The researcher, Florian Bogner, disclosed the proof-of-concept after notifying the vendors.
The weakness has been dubbed 'AVGater' by Bogner.
It originally affected more than a dozen different widely used anti-virus programmes, although seven currently undisclosed anti-virus apps also suffer from the problem, he warns.
The companies that have already fixed their packages are: Emsisoft, Ikarus, Kaspersky, Malwarebytes, Trend Micro, and Check Point's ZoneAlarm.
In brief, the attack involves taking advantage of the way in which anti-virus software automatically quarantines files that appear malicious, and then using a privilege mismatch vulnerability to move that file to a more dangerous location, such as the root (C:) drive, where it can be executed.
"AVGater can be used to restore a previously quarantined file to any arbitrary filesystem location. This is possible because the restore process is most often carried out by the privileged AV Windows user mode service.
"Hence, file system ACLs [Access Control Lists] can be circumvented (as they don't really count for the SYSTEM user). This type of issue is called a privileged file write vulnerability and can be used to place a malicious DLL anywhere on the system," Bogner explained.
The end result of triggering these vulnerabilities is full control of a system for a local non-admin attacker.
While the other AV companies are still working on a fix for the potential vulnerability, it's probably best for any network admins to ensure that regular users can't restore files identified as threats, which sort of sounds like common sense anyway to be honest.