Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019.

Trend Micro ATTK allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections. ATTK is also used by other Trend Micro products, including WCRY Patch Tool and OfficeScan Toolbox.

Researcher John Page, aka hyp3rlinx, discovered last year that ATTK was affected by a vulnerability that could have been exploited by a remote attacker to execute arbitrary code with elevated privileges by planting malicious files named cmd.exe or Regedit.exe in the same directory as the tool. The malicious files would get executed by the application when a scan was initiated.

The vulnerability, tracked as CVE-2019-9491, was patched in mid-October with the release of version 1.62.0.1223.
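
An added example, not from the article or from Trend Micro: a defender-side check that looks in a tool's directory for files named cmd.exe or Regedit.exe, the planted names described above, and compares each with the copy in a trusted system directory. The function name, verdict strings and sample directory layout are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Names the article says were planted beside the tool. Windows compares file
# names case-insensitively, so matching is done on lower-cased names.
WATCHED_NAMES = ("cmd.exe", "regedit.exe")

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_planted_binaries(tool_dir, system_dir, watched=WATCHED_NAMES):
    """Return sorted (file name, verdict) pairs for watched names found in tool_dir."""
    watched = {name.lower() for name in watched}
    # Trusted reference copies, indexed by lower-cased name.
    trusted = {e.name.lower(): e.path for e in os.scandir(system_dir)
               if e.is_file() and e.name.lower() in watched}
    findings = []
    for entry in sorted(os.scandir(tool_dir), key=lambda e: e.name.lower()):
        key = entry.name.lower()
        if key not in watched or not entry.is_file():
            continue
        if key not in trusted:
            verdict = "no-system-copy-to-compare"
        elif _sha256(entry.path) == _sha256(trusted[key]):
            # Same bytes as the trusted copy, but still unexpected beside the tool.
            verdict = "matches-system-copy"
        else:
            verdict = "differs-from-system-copy"
        findings.append((entry.name, verdict))
    return findings

def demo():
    """Run the check on constructed directories (sample data, not real ATTK files)."""
    layout = {"System32/cmd.exe": b"trusted cmd", "System32/regedit.exe": b"trusted regedit",
              "attk/tool.exe": b"scanner", "attk/cmd.exe": b"trusted cmd",
              "attk/Regedit.exe": b"planted"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_planted_binaries(os.path.join(root, "attk"), os.path.join(root, "System32"))

if __name__ == "__main__":
    print(demo())
```

On a real Windows host, `system_dir` would be the System32 directory and `tool_dir` the folder the toolkit was extracted to.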

Researcher Stefan Kanthak has also analyzed the vulnerability and discovered that Trend Micro has failed to patch it completely. Kanthak has identified three other similar attack methods that can be launched against ATTK to execute arbitrary code by planting specially crafted files in specific locations.

He informed Trend Micro of his findings on October 23 and the cybersecurity firm last week released another update, version 1.62.0.1228, to patch the new flaws.

Trend Micro has updated its advisory for CVE-2019-9491 and assigned a second CVE identifier, CVE-2019-20358, to the related vulnerabilities discovered by Kanthak.

While exploitation of the flaws requires physical or remote access to the targeted system, Trend Micro has advised customers to install the patches as soon as possible.

Kanthak also claims to have identified some issues in how Trend Micro developed its ATTK product.

“The Trend Micro Anti-Threat Toolkit inspected in October 2019 was built from scrap: the developers used VisualStudio 2008 (end-of-life since two years), linked against an outdated and vulnerable LIBCMT, shipped an outdated and vulnerable cURL 7.48 plus an outdated and vulnerable libeay32.dll 1.0.1.17 (OpenSSL 1.0.1 is end-of-life since more than 3 years; the last version was 1.0.1.20),” he said in an advisory published on the Full Disclosure mailing list. “This POOR (really: TOTAL lack of proper) software engineering alone disqualifies this vendor and its ‘security’ products!”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
