
Trend Micro AV gave any website command-line access to Windows PCs


2 replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,017 posts
  • Gender:Male

Posted 12 January 2016 - 06:14 PM

Updated PCs running Trend Micro's Antivirus on Windows can be hijacked, infected with malware, or wiped clean by any website, thanks to a vulnerability in the security software.

The design blunders were discovered by Google Project Zero bod Tavis Ormandy. A patch is now available to address the remote-code execution flaw, so Trend Micro users should update their software as soon as possible.

Ormandy, who has been auditing widely used security packages, analyzed a component in Trend's AV software dubbed the Password Manager. He found that multiple HTTP RPC ports for handling API requests were accessible.

"It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute()," he wrote in a bug report to Trend.

This means that any webpage visited by a victim could run a script that uses Trend Micro's AV to run commands directly on the machine – such as RD C:\ /S /Q to wipe the system drive, or commands to download and install malware. As another example, this code uninstalls Trend Micro's security software on a PC without the owner's knowledge or consent.

Article

The software has been patched via an update but I am surprised Trend Micro let this get through.
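The flaw described in the quoted article is a localhost HTTP RPC endpoint that any web page the browser visits could call, with a parameter that ended up in ShellExecute(). The following is an added example, not Trend Micro's code or its actual fix, showing the checks a defender would expect in front of such an endpoint: a strict Origin allowlist, a per-session token that only the vendor's own UI is given, and a scheme/format check on the URL so that only plain http(s) addresses can ever reach a browser launcher. The origin, token and sample requests are constructed for illustration.

```python
"""Hardening checks for a local "open URL in default browser" RPC endpoint.

Added example (not the vendor's code). Every name, origin and token here is
a constructed placeholder.
"""
import hmac
from urllib.parse import urlparse

# Hypothetical: the only web origin permitted to drive the local API.
ALLOWED_ORIGINS = {"https://passwordmanager.example"}

# Hypothetical per-session secret handed to the trusted UI at startup and
# never exposed to arbitrary pages; a random page cannot know it.
SESSION_TOKEN = "constructed-session-token-0123"


def is_safe_browser_url(url: str) -> bool:
    """Accept only plain http(s) URLs with a host.

    Anything else (file:, local paths, UNC names, embedded control characters)
    is refused before it can reach a ShellExecute-style launcher.
    """
    try:
        parsed = urlparse(url)
    except ValueError:
        return False
    if parsed.scheme not in ("http", "https"):
        return False
    if not parsed.netloc:
        return False
    # Control characters, spaces and quotes are rejected outright: some
    # launchers parse them as argument separators.
    if any(ord(ch) < 0x20 or ch in ' "' for ch in url):
        return False
    return True


def authorize_rpc(headers: dict, params: dict) -> tuple:
    """Decide whether an openUrlInDefaultBrowser call may proceed.

    Returns (allowed, reason). Browsers set the Origin header themselves and
    do not let page script override it, so an allowlist on it blocks calls
    made from other sites; the token covers non-browser callers.
    """
    if headers.get("Origin") not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    token = headers.get("X-Session-Token", "")
    if not hmac.compare_digest(token, SESSION_TOKEN):
        return False, "missing or wrong session token"
    url = params.get("url", "")
    if not is_safe_browser_url(url):
        return False, "url is not a plain http(s) address"
    return True, "ok"


def handle_open_url(headers: dict, params: dict, launcher=None) -> dict:
    """Full handler: authorize, then hand the URL to a launcher callable.

    The launcher receives the URL as a single argument (no shell string is
    ever built). The default launcher only records the URL so the example
    runs without opening anything.
    """
    opened = []
    if launcher is None:
        launcher = opened.append
    allowed, reason = authorize_rpc(headers, params)
    if not allowed:
        return {"status": 403, "reason": reason, "opened": opened}
    launcher(params["url"])
    return {"status": 200, "reason": reason, "opened": opened}


def review_sample_requests() -> list:
    """Run constructed sample requests through the handler and return results."""
    good_headers = {"Origin": "https://passwordmanager.example",
                    "X-Session-Token": SESSION_TOKEN}
    samples = [
        # Call from some other website: no matching Origin.
        ({"Origin": "https://some-other-site.example"},
         {"url": "https://example.org/"}),
        # Right origin but no session token.
        ({"Origin": "https://passwordmanager.example"},
         {"url": "https://example.org/"}),
        # Authorized caller but a non-web URL.
        (good_headers, {"url": "file:///C:/Users/Public/readme.txt"}),
        # Authorized caller, plain https URL.
        (good_headers, {"url": "https://example.org/help"}),
    ]
    return [handle_open_url(h, p) for h, p in samples]


if __name__ == "__main__":
    for result in review_sample_requests():
        print(result["status"], result["reason"], result["opened"])
```

The point of keeping the launcher a callable that takes the URL as one argument is that the string can never be re-parsed as a command line; combined with the scheme check, a caller cannot turn the endpoint into a general command runner even if the other checks were somehow bypassed.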




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • Gender:Male

Posted 12 January 2016 - 06:23 PM

Not surprised by this at all. Hell, they don't even include signature-based detections for Cryptoware if you're not on the latest version of their product, and they don't warn you at all about it. It's only when you directly ask them that they finally answer. Seriously, TrendMicro isn't worth using at all, at home or at work.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 12 January 2016 - 06:27 PM

Gives some validity to this topic... Antivirus/antimalware could make you more vulnerable
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




