Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019.

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019.

Trend Micro ATTK allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections. ATTK is also used by other Trend Micro products, including WCRY Patch Tool and OfficeScan Toolbox.

Researcher John Page, aka hyp3rlinx, discovered last year that ATTK was affected by a vulnerability that could have been exploited by a remote attacker to execute arbitrary code with elevated privileges by planting malicious files named cmd.exe or Regedit.exe in the same directory as the tool. The malicious files would get executed by the application when a scan was initiated.

The vulnerability, tracked as CVE-2019-9491, was patched in mid-October with the release of version 1.62.0.1223.

Researcher Stefan Kanthak has also analyzed the vulnerability and discovered that Trend Micro has failed to patch it completely. Kanthak has identified three other similar attack methods that can be launched against ATTK to execute arbitrary code by planting specially crafted files in specific locations.

He informed Trend Micro of his findings on October 23 and the cybersecurity firm last week released another update, version 1.62.0.1228, to patch the new flaws.

Advertisement. Scroll to continue reading.

Trend Micro has updated its advisory for CVE-2019-20358 and assigned a second CVE identifier, CVE-2019-20358, to the related vulnerabilities discovered by Kanthak.

While exploitation of the flaws requires physical or remote access to the targeted system, Trend Micro has advised customers to install the patches as soon as possible.

Kanthak also claims to have identified some issues in how Trend Micro developed its ATTK product.

“The Trend Micro Anti-Threat Toolkit inspected in October 2019 was built from scrap: the developers used VisualStudio 2008 (end-of-life since two years), linked against an outdated and vulnerable LIBCMT, shipped an outdated and vulnerable cURL 7.48 plus an outdated and vulnerable libeay32.dll 1.0.1.17 (OpenSSL 1.0.1 is end-of-life since more than 3 years; the last version was 1.0.1.20),” he said in an advisory published on the Full Disclosure mailing list. “This POOR (really: TOTAL lack of proper) software engineering alone disqualifies this vendor and its ‘security’ products!”

Related: DLL Hijacking Flaws Patched in Trend Micro Password Manager

Related: Dozen Flaws Found in Trend Micro Email Encryption Gateway

Related: Code Execution Flaws Found in Trend Micro Smart Protection Server

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.