Virus protection: Malwarebytes allows privilege escalation
Malwarebytes antivirus software for Windows contains security vulnerabilities. Attackers could misuse them, for example to delete any files on a computer or to extend their rights in the system. Updated software fixes the vulnerabilities.
Malwarebytes: High-risk vulnerability
The manufacturer does not explain the vulnerability in Malwarebytes for Windows in detail. However, a symbolic link can be abused to delete any file on a system; this is done via the quarantine system of Malwarebytes antivirus (CVE-2023-26088, CVSS 8.6risk “high“). In some scenarios, this could also lead to the extension of one’s own rights, Malwarebytes explains in the security advisory.
The bug affects Malware Bytes versions for Windows earlier than 184.108.40.206. In version 4.5.23, which was released at the end of February, the error should also have been corrected. On computers whose users only let Malwarebytes snooze in the background as a scanner, for example to get a second opinion, they should check whether the software is already up to date. To do this, it should be at least version 4.5.23 or newer, or users should apply the available update if necessary.
Security gaps inevitable?
As in any other type of software, antivirus developers make mistakes. However, because an antivirus is embedded deep within the system, vulnerabilities in it typically allow attackers to do far more damage than non-system software.
There are always vulnerabilities in various antivirus solutions. Last year, Microsoft’s Defender enabled software to enter exceptions in the registry due to a lack of access protection, which means that the scanner may not have reported them as malware. At the end of summer 2022, McAfee’s virus protection made it easier for attackers to nest in the system. Vulnerabilities in Trend Micro’s Apex One allowed attackers to escalate their privileges by the end of the year.
The manufacturers usually seal the security gaps quickly. It is generally not advisable to do without anti-virus software – the protective software can help if employees are a bit inattentive and accidentally download malware for which there are already detections or for which heuristics are triggered. In addition, companies must prove that they have taken sufficient protective measures within the meaning of the GDPR, and this certainly includes virus protection.