PT-2019-4142 · Kaspersky · Kaspersky Security Cloud+3
Peleg Hadar
·
Published
2019-12-02
·
Updated
2019-12-18
·
CVE-2019-15689
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Kaspersky Secure Connection versions prior to 2020 patch E
Kaspersky Internet Security versions prior to 2020 patch E
Kaspersky Total Security versions prior to 2020 patch E
Kaspersky Security Cloud versions prior to 2020 patch E
Description
The issue is related to insufficient access control in the ksde.exe executable file of Kaspersky security products. Exploitation of this issue may allow an attacker to execute arbitrary code using a specially crafted DLL file. This can be achieved by a local user with administrator rights, and it does not involve privilege escalation. There is also a possibility of bypassing whitelisting in some security products.
Recommendations
For Kaspersky Secure Connection versions prior to 2020 patch E, update to version 2020 patch E or later.
For Kaspersky Internet Security versions prior to 2020 patch E, update to version 2020 patch E or later.
For Kaspersky Total Security versions prior to 2020 patch E, update to version 2020 patch E or later.
For Kaspersky Security Cloud versions prior to 2020 patch E, update to version 2020 patch E or later.
As a temporary workaround, consider restricting access to the ksde.exe executable file until a patch is available.
Exploit
Fix
Exposure of Resource to Wrong Sphere
Improper Privilege Management
Affected products
Kaspersky Internet Security
Kaspersky Vpn Secure Connection
Kaspersky Security Cloud
Kaspersky Total Security