Kaspersky Embedded Systems Security 1.1: Critical Fix KB13520

 

Kaspersky Embedded Systems Security 1.1

 
 
 

Kaspersky Embedded Systems Security 1.1: Critical Fix KB13520

Back to "General Info"
2018 May 23 ID: 13520
 
 
 
 

Description

Kaspersky Lab has fixed the vulnerabilities in Kaspersky Embedded Systems Security versions 1.1.0.104 and 1.2.0.300 that were found by the company Positive Technologies:

  1. The Applications Launch Control component was unable to manage properly a large number of applications launching simultaneously. As a result, some applications were allowed to launch, even if these applications were to be strictly denied by the rules. 
  2. The versions fixed provide an improved algorithm for the processing of a big quantity of application launches, and guarantee strict denial for PowerShell script execution by placing the script body into the command line.
  3. No access restrictions on connection to the Kaspersky Embedded Systems Security filter driver were applied for other applications.

Affected versions

  • Kaspersky Embedded Systems Security 1.1 (1.1.0.104).
  • Kaspersky Embedded Systems Security 1.1 MR1 (1.2.0.300).

Versions fixed

The vulnerability was fixed in Kaspersky Embedded Systems Security 2.0 (2.0.0.385) and Critical Fix KB13520.

To eliminate the vulnerability from Kaspersky Embedded Systems Security 1.1 (1.1.0.104), use one of the options given below:

  • Upgrade the Kaspersky Embedded Systems Security to version 1.1 MR1 (1.2.0.300). Download Critical Fix KB13520 by clicking the Get private fix button and apply it:
    • For 32-bit operating systems: critical_fix_vuln_1(kb13520)_x86.msp
    • For 64-bit operating systems: critical_fix_vuln_1(kb13520)_x64.msp

To eliminate the vulnerability from Kaspersky Embedded Systems Security 1.1 MR1 (1.2.0.300), use one of the options given below:

  • Download Critical Fix KB13520 by clicking the Get private fix button and apply it:
    • For 32-bit operating systems: critical_fix_vuln_1(kb13520)_x86.msp
    • For 64-bit operating systems: critical_fix_vuln_1(kb13520)_x64.msp
  • Upgrade Kaspersky Embedded Systems Security to version 2.0 (2.0.0.385).

Acknowledgments

We would like to extend our thanks to the Positive Technology for reporting these bugs to Kaspersky Lab.

 
 
 
 
 

Download file

 
 
 
 
Was this information helpful?
Yes No
Thank you
 
 
 

Back to "General Info"
 
 

 
 

How can we improve this article?

We will not be able to contact you if you leave your email address or phone number. To contact technical support, please sign in to your Personal Account.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK