Jump to content
Abissa

0 day vulnerability in KL products [In progress]

Recommended Posts

Hello,

 

Anyone know how to check if our KL products have been effectively patched against the 0 day vulnerability found 2 days ago by Google engineer ?

 

http://www.theregister.co.uk/2015/09/08/kaspersky_0day/

 

Thanks.

 

Hello.

 

Our statement on this is as follows:

We would like to thank Mr. Tavis Ormandy for reporting to us a buffer overflow vulnerability, which our specialists fixed within 24 hours of its disclosure. A fix has already been distributed via automatic updates to all our clients and customers.

We’re improving our mitigation strategies to prevent exploiting of inherent imperfections of our software in the future. For instance, we already use such technologies as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

Kaspersky Lab has always supported the assessment of our solutions by independent researchers. Their ongoing efforts help us to make our solutions stronger, more productive and more reliable.

 

Thank you!

Share this post


Link to post
For both version 2015 and version 2016 ?

 

Provided was basically the same vulnerability which existed in both versions. The fix came with a module update which are fetched along with the definition updates and remain the same in different product versions.

 

Thank you.

Share this post


Link to post

Hi!

 

How can i verify that the fixes are installed?

(using Endpoint Security 8 and 10)

Edited by lord_discord

Share this post


Link to post
Hi!

 

How can i verify that the fixes are installed?

(using Endpoint Security 8 and 10)

 

Hi,

 

If you have the latest anti-virus databases then you can be sure that fix in installed.

 

BR

Share this post


Link to post
Hi,

 

If you have the latest anti-virus databases then you can be sure that fix in installed.

 

BR

 

Thanks for Information - i verfified that I'm up to date!

 

Share this post


Link to post

Can we consider this topic as resolved?

If yes, then please evaluate support help by using "Rating" option.

 

BR

Share this post


Link to post

Unfortunately, I cannot consider this problem resolved.

 

Mr. Tsapovsky said that "The fix came with a module update..." I assume when he writes "module" he means an executable file with an extension like ".exe" or ".dll" I have examined the update logs on my system from 4 September through the latest I have on 8 September (today) and cannot find to entry for an update of an ".exe" or ".dll" module or anything else that looks like an executable.

 

Admittedly, my eyes are not what the use to be and I could have missed it among the other files being updated. Of course an executable need not end in ".exe" or ".dll"; it could end in anything, which makes my search futile.

 

Three questions:

 

1) What was the name (and extension) of the module?

 

2) What day was the module sent out? (Time in GMT, please)

 

2) Is a reboot required to activate the module?

 

The thought that my anti-virus, the program I rely on to protect my computer, could be compromised is, to put it mildly, disquieting.

Edited by bgelfand

Share this post


Link to post
Unfortunately, I cannot consider this problem resolved.

 

Mr. Tsapovsky said that "The fix came with a module update..." I assume when he writes "module" he means an executable file with an extension like ".exe" or ".dll" I have examined the update logs on my system from 4 September through the latest I have on 8 September (today) and cannot find to entry for an update of an ".exe" or ".dll" module or anything else that looks like an executable.

 

Admittedly, my eyes are not what the use to be and I could have missed it among the other files being updated. Of course an executable need not end in ".exe" or ".dll"; it could end in anything, which makes my search futile.

 

Three questions:

 

1) What was the name (and extension) of the module?

 

2) What day was the module sent out? (Time in GMT, please)

 

2) Is a reboot required to activate the module?

 

The thought that my anti-virus, the program I rely on to protect my computer, could be compromised is, to put it mildly, disquieting.

Hello,

 

Did you see some *.kdl file which has been updated?

 

Regards

Share this post


Link to post

I am also very interested in how I can prove that this vulnerability has been fixed. We are using KSC 10.2.434 and several versions of the windows and linux clients. I need to be able to provide proof to satisfy some some very strict regulations.

 

 

Unfortunately, I cannot consider this problem resolved.

 

Mr. Tsapovsky said that "The fix came with a module update..." I assume when he writes "module" he means an executable file with an extension like ".exe" or ".dll" I have examined the update logs on my system from 4 September through the latest I have on 8 September (today) and cannot find to entry for an update of an ".exe" or ".dll" module or anything else that looks like an executable.

 

Admittedly, my eyes are not what the use to be and I could have missed it among the other files being updated. Of course an executable need not end in ".exe" or ".dll"; it could end in anything, which makes my search futile.

 

Three questions:

 

1) What was the name (and extension) of the module?

 

2) What day was the module sent out? (Time in GMT, please)

 

2) Is a reboot required to activate the module?

 

The thought that my anti-virus, the program I rely on to protect my computer, could be compromised is, to put it mildly, disquieting.

 

Share this post


Link to post
Unfortunately, I cannot consider this problem resolved.

 

Mr. Tsapovsky said that "The fix came with a module update..." I assume when he writes "module" he means an executable file with an extension like ".exe" or ".dll" I have examined the update logs on my system from 4 September through the latest I have on 8 September (today) and cannot find to entry for an update of an ".exe" or ".dll" module or anything else that looks like an executable.

 

Admittedly, my eyes are not what the use to be and I could have missed it among the other files being updated. Of course an executable need not end in ".exe" or ".dll"; it could end in anything, which makes my search futile.

 

Three questions:

 

1) What was the name (and extension) of the module?

 

2) What day was the module sent out? (Time in GMT, please)

 

2) Is a reboot required to activate the module?

 

The thought that my anti-virus, the program I rely on to protect my computer, could be compromised is, to put it mildly, disquieting.

 

Please excuse the possible confusion regarding my previous post. We have verified with the specialists, and the information is as follows:

 

-The fix is not a module update; it has been distributed along with a simple bases update, so there is no specific file to look for. The exact timestamp of the update is yet to be announced.

-The reboot is not necessary for the fix to take effect.

 

The update was distributed via an automatic update to all of our clients and customers on 5 September at 22.03 p.m. (Moscow time).

 

Thank you!

Share this post


Link to post

Ormandy has indicated on Twitter that this isn't the end of it, he's found other issues. Of course not all might affect KES.

Share this post


Link to post
Please excuse the possible confusion regarding my previous post. We have verified with the specialists, and the information is as follows:

 

-The fix is not a module update; it has been distributed along with a simple bases update, so there is no specific file to look for. The exact timestamp of the update is yet to be announced.

-The reboot is not necessary for the fix to take effect.

 

The update was distributed via an automatic update to all of our clients and customers on 5 September at 22.03 p.m. (Moscow time).

 

Thank you!

 

Thank you very much, Mr. Tsapovsky. I appreciate your reply (and so does my optometrist. After combing through update logs for more than an hour and finding no updated modules, I was about to take my new eye glasses back and complain <BIG GRIN>).

 

Brooks Gelfand

Edited by bgelfand

Share this post


Link to post
Thank you very much, Mr. Tsapovsky. I appreciate your reply (and so does my optometrist. After combing through update logs for more than an hour and finding no updated modules, I was about to take my new eye glasses back and complain <BIG GRIN>).

 

Brooks Gelfand

 

Thank you for your feedback!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.