Security Experts:

Connect with us

Hi, what are you looking for?



Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019.

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019.

Trend Micro ATTK allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections. ATTK is also used by other Trend Micro products, including WCRY Patch Tool and OfficeScan Toolbox.

Researcher John Page, aka hyp3rlinx, discovered last year that ATTK was affected by a vulnerability that could have been exploited by a remote attacker to execute arbitrary code with elevated privileges by planting malicious files named cmd.exe or Regedit.exe in the same directory as the tool. The malicious files would get executed by the application when a scan was initiated.

The vulnerability, tracked as CVE-2019-9491, was patched in mid-October with the release of version

Researcher Stefan Kanthak has also analyzed the vulnerability and discovered that Trend Micro has failed to patch it completely. Kanthak has identified three other similar attack methods that can be launched against ATTK to execute arbitrary code by planting specially crafted files in specific locations.

He informed Trend Micro of his findings on October 23 and the cybersecurity firm last week released another update, version, to patch the new flaws.

Trend Micro has updated its advisory for CVE-2019-20358 and assigned a second CVE identifier, CVE-2019-20358, to the related vulnerabilities discovered by Kanthak.

While exploitation of the flaws requires physical or remote access to the targeted system, Trend Micro has advised customers to install the patches as soon as possible.

Kanthak also claims to have identified some issues in how Trend Micro developed its ATTK product.

“The Trend Micro Anti-Threat Toolkit inspected in October 2019 was built from scrap: the developers used VisualStudio 2008 (end-of-life since two years), linked against an outdated and vulnerable LIBCMT, shipped an outdated and vulnerable cURL 7.48 plus an outdated and vulnerable libeay32.dll (OpenSSL 1.0.1 is end-of-life since more than 3 years; the last version was,” he said in an advisory published on the Full Disclosure mailing list. “This POOR (really: TOTAL lack of proper) software engineering alone disqualifies this vendor and its ‘security’ products!”

Related: DLL Hijacking Flaws Patched in Trend Micro Password Manager

Related: Dozen Flaws Found in Trend Micro Email Encryption Gateway

Related: Code Execution Flaws Found in Trend Micro Smart Protection Server

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.