Unquoted service path in K7 Consumer products allows local users to launch processes with elevated privileges.
List of affected products
K7 Consumer Products & K7 Endpoint Security Products
K7 Computing recommends that all customers update their products to the corresponding versions shown below:
K7 Ultimate Security (16.0.0103 or Higher)
K7 Total Security (16.0.0103 or Higher)
K7 Antivirus Premium (16.0.0103 or Higher)
K7 Enterprise Security (14.2.0001 or Higher)
We would like to express our gratitude to “Andrei Saygo of Microsoft DSRE Red Team working with Microsoft Vulnerability Research (MSVR)” for reporting these vulnerabilities to us along with comprehensive details.