The Windows version of Kaspersky Secure Connection, software for anonymous web surfing, contains a vulnerability that allows hackers to take full control of the victim’s PC and access its files. The vulnerability is rated as highly dangerous. The developers have fixed it, and users only need to update Kaspersky Secure Connection to version 184.108.40.2063 or later, where the vulnerability has already been closed.
Dangerous security application
The Synopsys Cybersecurity Research Center has discovered a dangerous flaw in Kaspersky Lab’s Kaspersky Secure Connection software that exposes users to the risk of hacking. The vulnerability allows hackers to escalate their privileges locally on the user’s device, that is, to seize almost complete control over it.
Kaspersky Secure Connection allows users to hide their presence on the Internet by spoofing their IP address. In addition to confidentiality and security, this also opens access to all prohibited sites on the Internet.
The flaw discovered by Synopsys experts was assigned the identifier CVE-2022-27535 and a high level of danger: it scores 7.8 points out of a possible 10.
Doesn’t apply to everyone
Kaspersky Secure Connection is a multi-platform solution. At the time of publication, the application was available on almost all of the most popular operating systems in the world.
Kaspersky Lab is known for its ability to quickly fix vulnerabilities found in its software. This case is no exception.
On mobile devices, Kaspersky Lab software can be installed on gadgets running Google Android and Apple iOS, while those who prefer anonymous web surfing on a computer can use Kaspersky Secure Connection on a PC running Windows or macOS. Linux support is not yet implemented.
The CVE-2022-27535 vulnerability is present only in the Windows version of Kaspersky Secure Connection. Builds for other platforms do not have this issue.
The flaw CVE-2022-27535 was identified by Synopsys specialists in the Support Tools component of Kaspersky Secure Connection. According to Kaspersky Lab representatives, a hacker who exploited this vulnerability could delete arbitrary files on the victim’s computer, including personal documents or system files, without which Windows would not be able to function correctly.
However, an attacker will not be able to destroy the contents of the drive in the background; this is impossible without user participation. “In order to perform this attack, the attacker must create a specific file and convince the user to execute a command in the application to ‘Delete all service data and reports’ or ‘Save the report on your computer.’” Both of these commands are found in the Support Tools menu.
Extremely simple solution
By the time this article was published, Kaspersky Lab specialists had closed the CVE-2022-27535 vulnerability. CNews editors have asked company representatives when exactly they received information about this problem and are awaiting a response.
According to Synopsys, its experts notified Kaspersky about the vulnerability in early March 2022. The developers acknowledged the problem on May 28, 2022. It took about two more months to prepare a patch to fix it. A statement about the resolution of the problem appeared on the Kaspersky Lab website on August 4, 2022.
According to Synopsys, the flaw appeared in version 220.127.116.111 of Kaspersky Secure Connection and then made its way into later releases. The Kaspersky website states that this applies to all versions of the application, up to 21.6.
Users of Kaspersky Secure Connection can protect themselves from hacking by updating the utility to a more recent version. In release 18.104.22.1683, according to Synopsys, the “hole” is gone.
Service that avoided blocking
In Russia, cases of blocking anonymous surfing services and access to prohibited resources have become more frequent in recent years. For example, Opera VPN and VyprVPN were sanctioned in June 2021. A year later, NordVPN and Proton VPN found themselves in a similar situation.
Meanwhile, back in the spring of 2019, Roskomnadzor demanded that such services not allow Russians to visit sites blocked in the country. The owners of Kaspersky Secure Connection, NordVPN, Hide My Ass, Hola VPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, and VPN Unlimited received corresponding notifications. As CNews reported, Kaspersky Lab was among the first to promise to comply with the regulator’s new requirement.
As for the security of Kaspersky Secure Connection, CVE-2022-27535 is not the only vulnerability found in it. In April 2018, a problem was discovered in the mobile version of the utility with the index 22.214.171.124: the application sent requests to DNS servers bypassing the secure “tunnel” that is created for encrypted data transmission when the service is activated. The bug, which could lead to the deanonymization of all users of the service, was fixed in June 2018.
In December 2019, Kaspersky Secure Connection was found to contain vulnerability CVE-2019-15689. Attackers could use it to launch an unauthorized executable file without a digital signature.