Wednesday, September 17, 2008

Finally fixed ...

The vulnerability described in TKADV2008-008 can be exploited to get reliable code execution in kernel mode under all Windows versions supported by G DATA. See this fancy poc flash movie. The movie is from 2007 as G DATA needed 294 days (!) to provide a fixed version of their products.

The vulnerability is only fixed in the *new* G DATA 2009 products. As far as I know G DATA will *not* provide a fix for AntiVirus, InternetSecurity or TotalCare 2008.