This security advisory describes one critical risk vulnerability.
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C] [PCI]
Exploit availability: NoDescription
The security issue exists due to presence of backdoor code in updates, distributed from the official website. After update installation, the system becomes infected with NotPetya ransomware.
Malware, present in the code, also performs various attempts to infect other systems.
The vendor has issued version 10.01.190 which does not contain backdoor.
M.E.Doc: 10.01.188, 10.01.189CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.