The Federal Service for Technical and Export Control (FSTEC) of the occupying country has informed the defense industry about the dangers of using anti-virus programs developed in Russia.

The analysis of information security threats indicates that “foreign hacker groups are actively exploiting software vulnerabilities in the implementation of computer attacks on the information infrastructure of the Russian Federation.”

The main danger lies in government agencies' use of Russian “import substitution” software products, first of all Kaspersky anti-virus programs: Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, etc.

It turned out that using these programs can lead to loss of control over the computer, information leakage, the installation and execution of third-party code, and more. The level of danger associated with their use is assessed as “medium” to “critical”.


FEDERAL SERVICE FOR TECHNICAL AND EXPORT CONTROL (FSTEC of Russia)

Directorate of the FSTEC of Russia for the North-Western Federal District

Nenovevskaya sq., 11, St. Petersburg, 190000. Tel.: (812) 312-55-19

06 04 2012 No. 14/665

To organizations operating in the field of the defense and rocket-space industry within the North-Western Federal District

On measures to improve the security of information infrastructure facilities of the Russian Federation

The analysis of data on threats to information security, carried out by specialists of the FSTEC of Russia in the current situation, shows that foreign hacker groups are actively exploiting software vulnerabilities when carrying out computer attacks on the information infrastructure of the Russian Federation.

In order to prevent the implementation of information security threats related to the exploitation of vulnerabilities, please pay attention to the need to eliminate the following vulnerabilities:

1. Vulnerability in the data parsing module of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, Kaspersky Security Cloud, Kaspersky Endpoint Security (BDU:2022-01730, severity level according to CVSS 2.0 – critical, according to CVSS 3.0 – critical), associated with unlimited resource allocation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

In order to prevent exploitation of the specified vulnerability, the specified software must be updated.

2. Vulnerability in the anti-virus protection module of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, Kaspersky Security Cloud, Kaspersky Endpoint Security (BDU:2022-01729, severity level according to CVSS 2.0 – medium, according to CVSS 3.0 – medium), associated with a lack of access control. Exploitation of the vulnerability could allow an attacker to crash the Microsoft Windows operating system by launching a specially crafted application.

In order to prevent exploitation of the specified vulnerability, the specified software must be updated.

3. Vulnerability in the business-logic routing mechanism of Spring Cloud Function (BDU:2022-01628, severity level according to CVSS 2.0 – medium, according to CVSS 3.0 – medium), associated with improper neutralization of special elements in output data used by a downstream component. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to local resources or cause a denial of service with a specially crafted SpEL expression.

To prevent this vulnerability from being exploited, it is necessary to use application layer firewalls in blocking mode to filter HTTP requests.

4. Vulnerability of the Spring Framework software platform (BDU:2022-01627, severity level according to CVSS 2.0 – medium, according to CVSS 3.0 – medium), associated with unlimited resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using a specially crafted SpEL expression.

To prevent this vulnerability from being exploited, it is necessary to use application layer firewalls in blocking mode to filter HTTP requests.

5. Zero-day vulnerability of the Spring Core module of the Spring Framework software (BDU:2022-01631, severity level according to CVSS 2.0 – critical, according to CVSS 3.0 – high), associated with the use of externally controlled input data for class selection. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

In order to prevent the exploitation of this vulnerability, it is necessary to:

  • configure application layer firewalls to filter lines containing the following values: “class.”, “Class.”, …;
  • modify the Spring Framework controller in the part under the @InitBinder annotation, supplementing the dataBinder.setDisallowedFields method call with the strings “class.”, “Class.”, …;
  • add a global class to the project that calls the dataBinder.setDisallowedFields method to add the following strings to the “black list”: “class.”, “Class.”, …;
  • use JDK version 8 or earlier.

6. Vulnerability in the tc_new_tfilter component of the Linux kernel (BDU:2022-01644, severity level according to CVSS 2.0 – medium, according to CVSS 3.0 – medium), associated with the possibility of using memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker to elevate their privileges.

In order to prevent the exploitation of this vulnerability, you must:

  • disable unused accounts, as well as accounts of untrusted users;
  • force users to change their passwords;
  • restrict remote access to the operating system (SSH and other protocols);
  • restrict access to the command line for untrusted users;
  • use anti-virus information protection tools;
  • monitor user actions;
  • use access control systems (SELinux, AppArmor and other systems).
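For item 5 above, the added example below (not part of the FSTEC letter and not Spring's own code) ports the simple “*” wildcard matching that Spring's DataBinder applies to disallowed field patterns, and uses it both as the controller-side setDisallowedFields check and as the blocking-mode request filter the letter recommends. It assumes the four-pattern denylist from Spring's published guidance (the letter shows only the first two values) and a constructed sample request.

```python
from urllib.parse import parse_qsl

# Denylist from Spring's published mitigation (assumption: the advisory shows only the
# first two values; the "*.class.*" forms catch nested paths such as "user.class.x").
DISALLOWED_FIELD_PATTERNS = ("class.*", "Class.*", "*.class.*", "*.Class.*")

def simple_match(pattern: str, s: str) -> bool:
    """Port of the simple '*' wildcard matching DataBinder uses for disallowed fields.
    It is case-sensitive, which is why both 'class.' and 'Class.' are listed."""
    first = pattern.find("*")
    if first == -1:
        return pattern == s
    if first == 0:
        if len(pattern) == 1:
            return True
        nxt = pattern.find("*", 1)
        if nxt == -1:
            return s.endswith(pattern[1:])
        part = pattern[1:nxt]
        if not part:
            return simple_match(pattern[nxt:], s)
        idx = s.find(part)
        while idx != -1:
            if simple_match(pattern[nxt:], s[idx + len(part):]):
                return True
            idx = s.find(part, idx + 1)
        return False
    return (len(s) >= first and pattern[:first] == s[:first]
            and simple_match(pattern[first:], s[first:]))

def is_disallowed_field(name: str) -> bool:
    """True if setDisallowedFields(denylist) would reject this field name."""
    return any(simple_match(p, name) for p in DISALLOWED_FIELD_PATTERNS)

def filter_request_params(query: str):
    """Split a query string or form body into bindable params and rejected names."""
    allowed, rejected = {}, []
    for key, value in parse_qsl(query, keep_blank_values=True):
        if is_disallowed_field(key):
            rejected.append(key)
        else:
            allowed[key] = value
    return allowed, rejected

def should_block(query: str) -> bool:
    """Blocking-mode WAF rule from the advisory: reject the whole request if any
    parameter name hits the denylist, before it ever reaches the data binder."""
    return bool(filter_request_params(query)[1])
```

Note that a prefix pattern such as "class.*" does not match "classic" or a nested "user.class.x"; the latter is only caught by the "*.class.*" form, which is why a denylist with just the two values shown in the letter is incomplete.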

By Treadstone 71
