NortonLidelock recommends that users install the latest updates as soon as possible.
The vulnerability affected several NortonLifelock (GenDigital) products: Norton Antivirus Windows Eraser Engine, Avira Security, Avast Antivirus and AVG Antivirus. The security flaw was assigned the identifier CVE-2022-4294 and a score of 7.1 on the CVSS scale.
According to a post published by Norton, the vulnerability is related to privilege escalation and has been fixed in Avast and AVG version 22.10, Norton version 220.127.116.11 and Avira Security version 1.1.78. The company strongly recommends that its customers update their anti-virus software to the latest versions available.
Norton said in a post that CVE-2022-4294 was fixed in updates that were released in the fall of 2022:
October 5 for Norton;
October 20 for Avast and AVG;
November 22 for Avira.
The vulnerability was discovered by Bahaa Naamneh, an employee of the information security company Crosspoint Labs. NortonLifelock flagged it in their CVE-2022-4294 fix.