Kaspersky Secure VPN vulnerability could have given hackers the keys to the kingdom

>

Kaspersky has patched a major flaw in one of its VPN (opens in new tab) products which, had a malicious actor discovered it sooner, could have been abused to give them elevated privileges in a third-party environment. 

The company confirmed these findings in a security advisory in which it also urged its users to patch (opens in new tab) their systems immediately. In early March this year, a researcher from the Synopsys Cybersecurity Research Center (CyRC), Zeeshan Shaikh, found an escalation of privilege flaw in Kaspersky’s VPN Secure Connection for Windows. This flaw would allow users to change their account status from “regular” to admin, essentially. In Windows, the account is called SYSTEM, it was explained.