Kaspersky patches local privilege escalation vulnerability in VPN Secure Connection


On Thursday, researchers revealed a local privilege escalation in Kaspersky’s VPN Secure Connection for Windows.

The CVE-2022-27535 vulnerability, according to a blog post by the Synopsys Cybersecurity Research Center, could allow an attacker to use Arbitrary Folder Delete to SYSTEM EoP to escalate their privileges (EoPs). They claimed it might cause a device to malfunction or result in the deletion of crucial system files needed for proper system operation. Read More…