Fortinet Discovers AVIRA Self-Protection Bypass via Registry Removal
Fortinet's FortiGuard Labs has discovered self-protection bypass flaw in Avira Antivirus.
Avira Antivirus is a security software developed by Avira Operations GmbH & Co. KG.
Avira self-defense driver can be bypassed by user-mode program that would allow adversary to disable critical product functionalities. The flaw resides in Avira's self-defense driver avipbb.sys which allows adversary to modify Avast protected registry key that could make product become completely nonfunctional or partially malfunction by disabling product update
Users of vulnerable Avira products should apply the latest updates from Avira.
Following products and versions are affected.
Avira Free Edition 220.127.116.11 and below
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.