The BSI warning security vulnerability number is CVE-2019-8285, which was actually fixed by Kaspersky last month. This problem allows remote execution of arbitrary code on vulnerable computers. Kaspersky said that only systems with anti-virus databases released before April 4 will be affected.
The current vulnerability patch has been released via Kaspersky's built-in update system, so if automatic updates are enabled, the user device should be secure. Kaspersky said in a consultation report issued on May 8th: "Kaspersky Lab has fixed a security issue CVE-2019-8285 in its products, which may allow third parties to remotely execute any of the user's PCs with system privileges. Code. The security fix was deployed to Kaspersky Lab client via product updates on April 4, 2019."
Kaspersky said that technically all Kaspersky products with anti-virus databases will be affected by the vulnerability. This vulnerability is not related to the operating system version, so allWindowsThe version will be affected. This issue is classified as a heap-based buffer overflow vulnerability. Memory corruption during JS file scanning may result in arbitrary code being executed on the user's computer.