Almost all major cybersecurity tools could be exploited to give attackers elevated privileges on a target machine.
This is according to a new report from cybersecurity firm CyberArk, which claims that “probably every Windows machine out there” has at least one piece of software that can be abused to gain elevated privileges.
Most of the time, claims CyberArk, privileged access can be achieved through file manipulation attacks.
Further, anti-malware products appear to be a lot more vulnerable to exploitation than other types of software, because they need greater access in order to function.
The sheer number of bugs found in anti-malware products is “staggering”, CyberArk says, but many of them can be removed with relative ease.
Among the most common flaws, the researchers singled out the default DACLs of the C:\ProgramData directory, shared log file bugs, creating an installation directory upfront, as well as using an old installation framework.
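To check an installed product for the C:\ProgramData DACL issue named above, the following added example (not code from CyberArk's report or from this article) parses the output of `icacls <directory>` and lists allow ACEs that give low-privilege principals write-type rights. It assumes the stock Windows behaviour that C:\ProgramData lets members of Users create files and subdirectories and that subdirectories inherit this unless the installer sets an explicit ACL; the `ExampleAV` directory, both sample outputs and the `LOW_PRIV` list are constructed for illustration.

```python
import re

# Principals every local user belongs to (assumption: extend for your environment).
LOW_PRIV = ("BUILTIN\\Users", "Everyone", "NT AUTHORITY\\Authenticated Users",
            "NT AUTHORITY\\INTERACTIVE")
# icacls rights that allow creating, changing or deleting content or the ACL itself.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "DC", "DE", "WDAC", "WO", "GW", "GA"}
# Inheritance markers printed by icacls; these are not access rights.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}

ACE_RE = re.compile(
    "(?P<who>" + "|".join(re.escape(p) for p in LOW_PRIV) + ")"
    r":(?P<groups>(?:\([A-Z,]+\))+)")

def risky_aces(icacls_output):
    """Return [(principal, write_rights, inherited)] for one directory's icacls output."""
    findings = []
    for line in icacls_output.splitlines():
        m = ACE_RE.search(line)
        if not m:
            continue
        tokens = set()
        for group in re.findall(r"\(([A-Z,]+)\)", m.group("groups")):
            tokens.update(group.split(","))
        if "DENY" in tokens:
            continue  # a deny ACE removes access, so it is not a finding
        hits = sorted((tokens - INHERIT_FLAGS) & WRITE_RIGHTS)
        if hits:
            findings.append((m.group("who"), hits, "I" in tokens))
    return findings

# Constructed sample: a vendor directory that simply inherited the ProgramData DACL.
SAMPLE = r"""C:\ProgramData\ExampleAV NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                         BUILTIN\Administrators:(I)(OI)(CI)(F)
                         CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                         BUILTIN\Users:(I)(OI)(CI)(RX)
                         BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)
"""
# Constructed sample: the same directory after the installer set an explicit ACL.
HARDENED = r"""C:\ProgramData\ExampleAV NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                         BUILTIN\Administrators:(OI)(CI)(F)
                         BUILTIN\Users:(OI)(CI)(RX)
"""

if __name__ == "__main__":
    for who, rights, inherited in risky_aces(SAMPLE):
        origin = "inherited" if inherited else "explicit"
        print(f"{who} holds {','.join(rights)} ({origin})")
```

A finding marked as inherited means the product directory is relying on the parent's permissions; an explicit ACL granting standard users read and execute only is the hardened form shown in the second sample.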
“The implications of these bugs are often full privilege escalation of the local system. Due to the high privilege level of security products, an error in them could help malware to sustain its foothold and cause more damage to the organization,” explained CyberArk’s Eran Shimony in a blog post.
“The exploits that were presented here are easy to implement, but also easy to patch against. We have seen that blocking symlink attacks or blocking the load of malicious DLLs require only a small touch-up in the code. Knowing that, AV vendors should be able to eliminate this widespread bug class.”