PCR Tech and IT retail, distribution and vendor news
Kaspersky Lab has acknowledged that a bug within its latest internet security software has the potential to be exploited, which can result in a freeze of the system’s operating system.
The bug, which is contained within Kaspersky Internet Security 2013 and other Kaspersky products that offer firewall functionality, is vulnerable to specifically designed IPv6 packets, believes security researcher Marc Heuse, posting the findings in a security advisory.
"A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system," said Heuse, "No log message or warning window is generated, nor is the system able to perform any task."
IPv6 is enabled by default within Windows Vista and newer Windows operating systems, in addition to both Mac OS and Linux, but its use across the wider web is currently limited, so the number of systems at risk is relatively low. However, systems continue to be vulnerable over local networks, as IPv6 addresses are assigned by default.
Acknowledging the bug, Kaspersky issued a statement, stating: "After receiving feedback from the researcher, Kaspersky Lab quickly fixed the error," the firm said.
"A private patch is currently available on demand and an auto patch will soon be released to fix the problem automatically on every computer protected by Kaspersky Internet Security 2013."
Despite acknowledging the bug, Heuse claims he originally warned the firm of the bug back in January, and again in February, but received no response.
PC image from Shutterstock
The sixth annual PCR Awards are taking place at the Royal Garden Hotel on March 14th and there are only a few seats remaining! If you want to make sure you’re there to celebrate the best of the UK IT and tech industry, then contact Carly Bailey to book your place…
