The Nigerian Communications Commission (NCC) has advised
telecom consumers and other Information and Communications Technology (ICT) end
users on the need to always enable automatic update features for AVAST and AVG
antiviruses to prevent potential cyber vulnerabilities.
This was contained in a new advisory released by the
Computer Security Incident Response Team (CSIRT), the cybersecurity centre for
the telecom sector established by the Commission, in continuation of its
resolve to always keep Nigerians safe in cyberspace.
The advisory noted that cyber vulnerability in AVAST and AVG
Antiviruses can lead to attacks on millions of devices with high impact in
terms of consequences to the ICT user.
The threat types as a result of this vulnerability are
Bypass Authentication, Remote Code Execution and Unauthorised Access while
consequences range from Privilege Escalation, Bypass Security Products,
Overwrite System Components and corrupting the Operating System.
According to CSIRT, researchers at SentinelOne security firm
have discovered two potentially damaging vulnerabilities in AVAST and AVG
antivirus products that allow attackers to escalate privileges enabling them to
disable security products, overwrite system components, corrupt the operating
system, or perform malicious operations unimpeded.
“Two vulnerabilities identified as CVE-2022-26522 and
CVE-2022-26523 targeted the “Anti Rootkit” driver of Avast antivirus (also used
by AVG) allowing an attacker with limited privileges on the targeted system to
execute code in system mode (kernel mode) and take complete control of the
device. Moreover, the vulnerabilities allow complete take-over of a device,
even without privileges, due to the ability to execute code in kernel mode,”
the CSIRT said in the advisory.
However, the cybersecurity centre has offered tripartite
measures that should be taken by Internet/ICT users to prevent being vulnerable
to cyber threats. They include enabling automatic update features for AVAST and
AVG antiviruses, upgrading AVAST and AVG antiviruses to version 22.1.2504, as
well as carrying out regular patch management.
Advertise on NigerianEye.com to reach thousands of our daily users
No comments
Post a Comment
Kindly drop a comment below.
(Comments are moderated. Clean comments will be approved immediately)
Advert Enquires - Reach out to us at NigerianEye@gmail.com