Malwarebytes antivirus software for Windows is found to have security vulnerabilities that could be misused by attackers. These vulnerabilities can enable attackers to delete any files on a computer and extend their rights in the system. The manufacturer has released an updated version of Malwarebytes that contains a fix for these vulnerabilities.
However, the manufacturer did not explain the details of the vulnerabilities at length. Malwarebytes has identified the use of a symbolic link to delete any file on a system as one of the vulnerabilities. This is done via the quarantine system of the Malwarebytes virus protection. As a result, Malwarebytes has tagged this as a high-risk vulnerability (CVE-2023-26088, CVSS 8.6).
The vulnerability affects Malware Bytes versions for Windows earlier than 4.5.22.236. This means that users need to upgrade their software to version 4.5.23, which was released at the end of February. Those who keep Malwarebytes as a scanner in the background should check their software version before getting a second opinion.
Antivirus software plays a significant role in protecting computer systems. This means that any security gap can lead to extensive and irreversible damages. Antivirus developers are not immune to making mistakes, and they always try to fix security gaps within the software. For example, Microsoft’s Defender enabled software to hide from the scanner due to a lack of access protection, while McAfee’s virus protection made it easier for attackers to nest in the system.
Yet, it is not advisable to do without anti-virus software since it can help detect malware and keep sensitive data safe. In addition, companies must ensure that they have taken sufficient protective measures within the meaning of the GDPR, and this certainly includes virus protection.
In summary, users need to upgrade their Malwarebytes software to version 4.5.23, which fixes the high-risk vulnerability. It is necessary to be cautious while using antivirus software, as vulnerabilities in it can be readily exploited by attackers.