Vulnerabilities

Trend Micro Patches Code Execution Vulnerability in Anti-Threat Toolkit

Trend Micro recently patched a high-severity remote code execution vulnerability in its Anti-Threat Toolkit (ATTK).

The Trend Micro ATTK tool allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections.

Eduard Kovacs

October 23, 2019

Trend Micro recently patched a high-severity remote code execution vulnerability in its Anti-Threat Toolkit (ATTK).

The Trend Micro ATTK tool allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections.

Researcher John Page, aka hyp3rlinx, discovered that attackers can abuse ATTK to execute arbitrary code on a targeted system by planting malicious files named cmd.exe or

Regedit.exe in the same folder as the tool. When a scan is initiated, the malicious files would get executed by the application.

“Since the ATTK is signed by verified publisher and therefore assumed trusted any MOTW security warnings are bypassed if the malware was internet downloaded, also it can become a persistence mechanism as each time the Anti-Threat Toolkit is run so can an attackers malware,” Page said in an advisory.

The researcher has published a video showing how the attack works:

Trend Micro was informed about the vulnerability, tracked as CVE-2019-9491, on September 9 and a patch was rolled out on October 18 with the release of version 1.62.0.1223. Version 1.62.0.1218 and below on Windows are impacted by the flaw.

Advertisement. Scroll to continue reading.

Other tools such as WCRY Patch Tool and OfficeScan Toolbox also integrate ATTK and they have also received updates to address the issue.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date,” Trend Micro said in its own advisory. “However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.”

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Latest News

Click to comment

CIEM Chat: How to Reduce Cloud Identity Risk

March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Virtual Event: Ransomware Resilience & Recovery Summit

April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. (Joshua Goldfarb)

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. (Etay Maor)

You Against the World: The Offenders Dilemma

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves. (Tom Eston)

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. (Marc Solomon)

Know Your Audience When Speaking to Security Practitioners

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? (Joshua Goldfarb)

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

SecurityWeek NewsMarch 26, 2014

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Eduard KovacsMarch 28, 2023

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Ionut ArghireJanuary 5, 2023

Vulnerabilities

Burglars Can Easily Disable SimpliSafe Alarms: Researcher

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Eduard KovacsFebruary 18, 2016

Risk Management

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Kevin TownsendFebruary 2, 2023

Cybercrime

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Ryan NaraineJuly 11, 2023

Vulnerabilities

Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Ryan NaraineMarch 14, 2023

IoT Security

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

Eduard KovacsFebruary 9, 2023

SECURITYWEEK NETWORK:

ICS:

SecurityWeek

Vulnerabilities

Trend Micro Patches Code Execution Vulnerability in Anti-Threat Toolkit

More from Eduard Kovacs

Latest News

Trending

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

Vulnerabilities

Burglars Can Easily Disable SimpliSafe Alarms: Researcher

Risk Management

Cyber Insights 2023 | Supply Chain Security

Cybercrime

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Vulnerabilities

Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns

IoT Security

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras

SECURITYWEEK NETWORK:

ICS:

More from Eduard Kovacs

Latest News

Trending

Daily Briefing Newsletter

CIEM Chat: How to Reduce Cloud Identity Risk

Virtual Event: Ransomware Resilience & Recovery Summit

People on the Move

Expert Insights

Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

You Against the World: The Offenders Dilemma

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program

Know Your Audience When Speaking to Security Practitioners

Related Content

Vulnerabilities

Full Disclosure List Gets a Fresh Start – Reborn Under New Operator

Data Breaches

ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

IoT Security

16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure

Vulnerabilities

Burglars Can Easily Disable SimpliSafe Alarms: Researcher

Risk Management

Cyber Insights 2023 | Supply Chain Security

Cybercrime

Microsoft Warns of Office Zero-Day Attacks, No Patch Available

Vulnerabilities

Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns

IoT Security

Vulnerability Allows Hackers to Remotely Tamper With Dahua Security Cameras