CVE-2022-42045: 
Watchdog Anti-Malware vulnerability analysis and mitigation

A critical vulnerability (CVE-2022-42045) was discovered in certain Zemana products affecting their kernel-mode driver (amsdk.sys). The vulnerability allows arbitrary code injection into driver code sections, impacting Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28. The issue was disclosed in 2022 and received a CVSS v3.1 base score of 6.7 MEDIUM (NVD).

The vulnerability exists in the amsdk.sys kernel-mode driver's function at offset 0xBF60 in the .text section. This function calls another at offset 0xD664, which processes four arguments including a target address with RWX access rights in the .hook section, a source address with user-controlled code, an integer value (128), and a function address within ntoskrnl.exe. The vulnerability can be triggered through IOCTL 0x80002044 to inject arbitrary code, and IOCTL 0x80002014 or 0x80002018 to execute it (Third Party Advisory).

The vulnerability enables local privilege escalation from administrator to kernel mode privileges. This could allow attackers to disable Driver Signature Enforcement and install unsigned kernel-mode drivers. The vulnerability affects 64-bit versions of Windows from Windows 7 to Windows 11 (Third Party Advisory).

The recommended mitigation steps include uninstalling affected Zemana or Watchdog Antimalware products and adding the vulnerable driver signatures to the system blacklist (Third Party Advisory).