News for August 4, 2022


Kaspersky VPN Vulnerability
by Artie Kaye

A bug found in VPN Secure Connection released by Kaspersky has been made public. The bug functions as a local privilege-escalation which could give an attacker control over your machine. It is currently not seeing exploitation in the wild, but that typically changes soon after reports are made. If you use this product, a patch is available and the bug does not exist in version 21.7.7.393 or later.

The flaw is listed as CVE-2022-27535.

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

https://www.darkreading.com/endpoint/high-severity-bug-kaspersky-vpn-client-pc-takeover