What is the story with Microsoft, Kaspersky and KB 4524244 security update all about?
What happened?
Microsoft released security update KB4524244 as a part of its February 2020 Patch Tuesday. This update caused problems with some devices and Microsoft revoked it.
Why Kaspersky is involved in the story?
The update addresses a security vulnerability that was found in Kaspersky Rescue Disk, and then publicly disclosed in April 2019. This was later fixed in August 2019.
What is the Kaspersky Rescue Disk?
This is a free tool to clean your infected computer even if the operating system (OS) won’t load.
What was the vulnerability?
It was possible to run an untrusted UEFI image (e.g. custom operating system) on a computer protected by Secure Boot technology. This could be done by exploiting a custom UEFI loader used by Kaspersky Rescue Disk. Practical attack scenario required physical access to a computer.
What fixes have been applied by Kaspersky?
A fixed UEFI loader that doesn’t have this vulnerability was released and included in Kaspersky Rescue Disk in August 2019. Additionally, Kaspersky endpoint security products are able to detect attempts to exploit the vulnerability since April 2019.
What fixes have been applied by Microsoft? ...read full article
