It seems as though not a minute goes by where some sort of security bulletin gets released somewhere. Today’s top threat involves several top AntiVirus software manufacturers and their respective AV suites.
The security bug relates to the fact that the AntiVirus software creates a memory space with full RWX (read-write-execute) privileges where it normally runs. For the particular versions of the AntiVirus software, this memory space was not randomized and was often shared with other applications, like, for example, Acrobat Reader or other programs.
If an attacker knew about the antivirus’ predictable behavior and where this address space was, they could force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).
Attackers would be allowed to bypass Windows built-in security features by leveraging the antivirus itself.
It is not believed at this time that any malware has taken advantage of this particular bug. POCC Highly recommends you update your AV software to the current latest version to protect yourself from future attacks.