Kaspersky Update
2527Warning Date
Severity Level
Warning Number
Target Sector
27 February, 2020
● Medium
2020-973
All
Description:
Kaspersky has released security update to address a vulnerability in the following products:
Consumer products for Windows:
- Kaspersky Anti-Virus
- prior to 2019 Patch H, 2020 Patch D
- Kaspersky Internet Security
- prior to 2019 Patch H, 2020 Patch D
- Kaspersky Total Security
- prior to 2019 Patch H, 2020 Patch D
- Kaspersky Free
- prior to 2019 Patch H, 2020 Patch D
- Kaspersky Security Cloud
- prior to 2019 Patch H, 2020 Patch D
- Kaspersky Password Manager
- prior to 9.2 Patch C
- Kaspersky Safe Kids
- prior to 1.5 Patch C
- Kaspersky Software Updater
- prior to 2.1 Patch A
Corporate products for Windows:
- Kaspersky Endpoint Security
- 10 SP2 without pf3223
- Kaspersky Endpoint Security
- 10 SP2 MR3 without pf3528
- Kaspersky Endpoint Security
- 11.0.0 without pf5145
- Kaspersky Endpoint Security
- 11.0.1 without pf5352
- Kaspersky Endpoint Security
- 11.1 without pf7063
- Kaspersky Endpoint Security
- 11.1.1 without pf7523
- Kaspersky Small Office Security
- prior to 6 Patch H, 7 Patch D
Threats:
Local attacker could exploit these vulnerabilities by doing the following:
- Elevate privileges.
- Arbitrary code execution.
An attacker needs to bypass product's self-defense (Which a component that protects the application from malware and ensures its stable operation) in Anti-Virus products family and Endpoint Security to perform exploitation.
Best practice and Recommendations:
The CERT team encourages users to review Kaspersky security advisory and apply the necessary update:
Update instructions for Anti-Virus:
Update instructions for Internet Security:
Update instructions for Total Security:
Update instructions for Kaspersky Security Cloud:
* Kaspersky 's products will automatically update to the latest version.