Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Multiple information leaks in different IOCTL handlers of Kaspersky Internet Security KLDISK driver can be exploited locally via a specially designed IOCTL requests to return out-of-bounds kernel memory and possibly obtain sensitive information as a result;
2. Vulnerabilities in syscall filtering functionality of Kaspersky Internet Security KLIF driver can be expoited locally via a specially designed native api call to cause an access violation resulting in a denial of service.

Technical details

All vulnerabilities can be exploited only in case machine already contains a malicious program.

Kaspersky Internet Security 2016 (16.0.0.614) 
Kaspersky Anti-Virus 2016 (16.0.0.614) 
Kaspersky Total Security 2016 (16.0.0.614)

Update to the latest versions
Download Kaspersky Total Security
Download Kaspersky Internet Security
Download Kaspersky Anti-Virus

Kaspersky Lab Advisory