Bitdefender Products Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability has been identified in multiple Bitdefender products, including Total Security, Internet Security, Antivirus Plus, Antivirus Free, and Endpoint Security Tools for Windows. The vulnerability allows low-privileged attackers to elevate privileges by exploiting the Active Threat Control module. It arises from the 'bdservicehost.exe' process deleting files from a user-writable directory ('C:\ProgramData\Atc\Feedback') without proper validation of symbolic links, enabling arbitrary file deletion. This flaw is combined with a file copy operation during network events and a bypass of the filter driver through DLL injection, facilitating arbitrary file copying and code execution with elevated privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing low-privileged users to gain elevated rights and potentially execute code with those higher privileges.

Remediation

Bitdefender has released automatic updates to address this vulnerability. Users can update to the following versions: Bitdefender Total Security 27.10.45.497, Bitdefender Internet Security 27.10.45.497, Bitdefender Antivirus Plus 27.10.45.497, Bitdefender Antivirus Free 30.0.25.77, and Bitdefender Endpoint Security Tools for Windows 7.9.20.515.