Attackers could execute malicious code with admin rights in NordVPN and ProtonVPN processes. Revised updates provide a remedy.
Recently released security updates for the NordVPN and ProtonVPN applications, which set up and establish VPN connections, were relatively easy to circumvent. Even with the patched versions installed, attackers could still execute malicious code with system privileges on Windows PCs under certain circumstances.
Cisco Talos security researchers discovered this and published their findings in a blog post. The vendors of the VPN applications have since responded again and released revised security updates. Users of the applications should make sure that they have the latest versions installed. The threat level of the vulnerabilities is classified as “high”.
The vulnerability in NordVPN (CVE-2018-3952) is closed in version 6.17.3. The one in ProtonVPN (CVE-2018-4010) is fixed in release 1.6.3. NordVPN updates automatically. Users of ProtonVPN have to start the update process manually; a tutorial shows how to do this.
Success with quotation marks
For a successful attack, attackers only had to add certain parameters to the configuration files of the VPN applications, which was previously possible even with limited rights. The configuration file is used by a service of NordVPN and ProtonVPN that runs with admin rights. In their example, the security researchers started the Windows editor with system rights.
To circumvent the protection of the old patches, they only had to put commands in quotation marks. The developers of the VPN solutions have now chosen an approach in which a standard user cannot change the configuration files at all.
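The class of mistake described above, a filter that inspects raw text while the consumer strips quotation marks, is shown in this added example, which is not the vendors' code. The directive names are hypothetical, the sample lines are constructed, and Python's `shlex` stands in for the consuming service's quote handling as an assumption.

```python
import shlex

# Hypothetical directive names; the page does not list the filtered parameters.
BLOCKED = {"run-on-connect", "load-plugin"}   # would make the service start a program
ALLOWED = {"remote", "port", "proto"}         # harmless connection settings

# Constructed sample lines from a user-writable configuration file.
SAMPLE = [
    "remote vpn.example.net",
    "run-on-connect helper.exe",
    '"run-on-connect" helper.exe',   # same directive, name wrapped in quotes
    '"remote vpn.example.net',       # unbalanced quote
]

def naive_filter(line):
    """Denylist on the raw text: accept unless the line starts with a blocked name."""
    text = line.strip().lower()
    return not any(text.startswith(name) for name in BLOCKED)

def directive(line):
    """First token after quote removal; None if the line cannot be tokenized."""
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:               # e.g. no closing quotation mark
        return None
    return tokens[0].lower() if tokens else ""

def strict_filter(line):
    """Allowlist on the parsed directive name; blank and comment lines pass."""
    name = directive(line)
    return name is not None and (name == "" or name in ALLOWED)

def audit(lines):
    """Return (line, naive verdict, strict verdict) for each line."""
    return [(line, naive_filter(line), strict_filter(line)) for line in lines]

if __name__ == "__main__":
    for line, naive, strict in audit(SAMPLE):
        print(f"{line!r:32} naive={'accept' if naive else 'reject'} "
              f"strict={'accept' if strict else 'reject'}")
```

Parsing before checking closes the quoting gap, but it complements rather than replaces the fix the vendors chose: a configuration file read by a privileged service should not be writable by standard users in the first place.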