Fortinet Discovers AVIRA Self-Protection Bypass via Registry Removal
Summary
Fortinet's FortiGuard Labs has discovered a self-protection bypass flaw in Avira Antivirus.
Avira Antivirus is security software developed by Avira Operations GmbH & Co. KG.
Avira's self-defense driver can be bypassed by a user-mode program, which would allow an adversary to disable critical product functionality. The flaw resides in Avira's self-defense driver, avipbb.sys, which allows an adversary to modify an Avast protected registry key; this could make the product completely nonfunctional or cause it to partially malfunction by disabling product updates.
Solutions
Users of vulnerable Avira products should apply the latest updates from Avira.
Additional Information
The following products and versions are affected:
 Avira Free Edition 15.0.19.164 and below
Timeline
Fortinet reported the vulnerability to Avira on September 9, 2016.
Avira confirmed the vulnerability on September 9, 2016.