Kaspersky Lab Software Vulnerable to Attack: Report

Users of Kaspersky Lab's Internet Security 2013 software are being told the product contains a bug that, if exploited, could cause their operating system to freeze up.

According to reports, the bug can be exploited by hackers using an Internet Protocol version 6 (IPv6) packet. If a specially-crafted packet is sent to computers running Kaspersky Internet Security 2013 software, a system can be disabled.

"A fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system," said security expert Marc Heuse. "No log message or warning window is generated, nor is the system able to perform any task." (Source: pcworld.com)

Kaspersky Lab Slow to Respond

Luckily IPv6 Internet adoption rates are relatively low. However, because many computers can be accessed via IPv6 on local networks, the threat remains substantial.

Heuse says he discovered the flaw in January 2013. He reported the issue to Kaspersky Lab late that month, but received no reply. He again sent a message to Kaspersky Lab in mid-February but again did not hear back from the Russian security company.

In an attempt to draw Kaspersky's attention to the issue, Heuse later published a proof-of-concept tool that could be used to exploit the flaw.

Automatic Patch Coming Soon

Kaspersky Lab has finally acknowledged that the threat exists. The firm also says it is actively developing a patch that will "fix the problem automatically on every computer protected by Kaspersky Internet Security 2013."

It remains unclear when Kaspersky Lab will make the automatic patch available to home users.

In the meantime, Kaspersky insists that the threat posed to the average Kaspersky Internet Security 2013 user is minimal.

Furthermore, the firm says that "Kaspersky Lab would like to apologize for any inconvenience caused. Actions have been taken to prevent such incidents from occurring in the future." (Source: zdnet.com)