Kaspersky Fixes Bug in Security Suite

Thursday, March 14, 2013 @ 04:03 PM gHale


Kaspersky released a fix for a bug with certain IPv6 packets in its Kaspersky Internet Security 2013.

A single packet is all that an attacker had to do to cripple a Windows PC, said Security researcher Marc Heuse who found the issue. When running tests with his IPv6 tool suite, Heuse discovered Kaspersky Internet Security responds inappropriately to fragmented IPv6 packets that contain an overly long extension header.

RELATED STORIES
Data Breaches Take Months to Find
Security Firm Hacked
New Attacks from ‘Gameover’ Gang
Changeup Worm Growing

IPv6 support has been enabled by default since Windows Vista, therefore users would be vulnerable even without one of the still sparsely used IPv6 Internet connections – for example on public Wi-Fi networks.

Kaspersky confirmed the problem for Kaspersky Internet Security 2013, Kaspersky Pure 3.0 and Kaspersky Endpoint Security 10 for Windows.

“A non-public patch [for Kaspersky Internet Security 2013] is already available from our support department on request, and an autopatch that will fix the problem automatically will be released in the near future”, Kaspersky officials said.



Leave a Reply

You must be logged in to post a comment.