Carnegie Mellon Software Engineering Institute’s CERT Coordination Center has issued a note on a patch for a recently disclosed vulnerability in Cylance Protect.
The vulnerability note, VU#489481, said that prior to a July 21, 2019, update, Protect contained flaws that allowed an adversary to craft malicious files that the AV product would likely mistake for benign files. Security researchers found that isolating specific properties in the machine learning algorithm allowed them to change most known malicious files in this way.
“Several common malware families, such as Dridex, Gh0stRAT, and Zeus, were reported as successfully modified to bypass the Cylance product in this way. The success rate of the bypass is reported as approximately 85 percent of malicious files tested,” the note said.
Cylance has deployed a patch fixing the problem, and any systems that have connected to the service since July 21 have been updated.