Kaspersky has patched a key flaw in one of its VPN products that, if discovered earlier by a malicious party, could have been exploited to give them elevated privileges in a third-party environment.
The company confirmed these findings in a security advisory that urged its users to patch their systems immediately. Earlier this March, a researcher from Synopsys’ Cyber Security Research Center (CyRC), Zeeshan Shaikh, found a privilege escalation flaw in Kaspersky’s VPN Secure Connection for Windows. This flaw would allow users to change their account status from “normal” to administrator. In Windows, this account is called SYSTEM, he explained.
The flaw is now registered as CVE-2022-27535 and has a severity score of 7.8. This puts it in the “high risk” category but not quite “critical.” According to Kaspersky, there is no evidence that the flaw has been exploited in the wild, so it’s good news that no one seems to have been hurt. Still, users are advised to apply the fix and update their VPNs to version 21.6 or later.