Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019.


Trend Micro ATTK allows users to perform forensic scans of their system and clean rootkit, ransomware, MBR and other types of malware infections. ATTK is also used by other Trend Micro products, including WCRY Patch Tool and OfficeScan Toolbox.


Researcher John Page, aka hyp3rlinx, discovered last year that ATTK was affected by a vulnerability that could have been exploited by a remote attacker to execute arbitrary code with elevated privileges by planting malicious files named cmd.exe or Regedit.exe in the same directory as the tool. The malicious files would get executed by the application when a scan was initiated.
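
A defender can check a folder holding the tool for files that shadow system utilities before running a scan. The sketch below is an added example, not Trend Micro's or the researchers' code. The directory layout, the `tool.exe` placeholder and the helper names are assumptions, and it generalizes the two reported names to any executable name also present in a given system directory.

```python
import tempfile
from pathlib import Path

# Names the article reports as planted next to the tool; matched
# case-insensitively, as Windows file names are.
REPORTED_NAMES = ("cmd.exe", "Regedit.exe")
EXECUTABLE_SUFFIXES = {".exe", ".com", ".bat", ".cmd"}


def system_binary_names(system_dirs):
    """Collect lower-cased executable names found in the given system directories."""
    names = set()
    for directory in map(Path, system_dirs):
        if directory.is_dir():
            names.update(f.name.lower() for f in directory.iterdir()
                         if f.is_file() and f.suffix.lower() in EXECUTABLE_SUFFIXES)
    return names


def find_planted_candidates(tool_dir, system_dirs=()):
    """Return sorted names of files in tool_dir that shadow a system utility."""
    watch = {n.lower() for n in REPORTED_NAMES} | system_binary_names(system_dirs)
    return sorted(f.name for f in Path(tool_dir).iterdir()
                  if f.is_file() and f.name.lower() in watch)


def demo():
    """Run the check on a constructed directory layout (harmless sample files)."""
    with tempfile.TemporaryDirectory() as root:
        downloads = Path(root, "Downloads")   # hypothetical folder holding the tool
        system32 = Path(root, "System32")     # stand-in for the real system directory
        downloads.mkdir()
        system32.mkdir()
        for name in ("tool.exe", "CMD.EXE", "readme.txt", "where.exe"):
            (downloads / name).write_bytes(b"constructed sample")
        for name in ("cmd.exe", "regedit.exe", "where.exe"):
            (system32 / name).write_bytes(b"constructed sample")
        return (find_planted_candidates(downloads),
                find_planted_candidates(downloads, [system32]))


if __name__ == "__main__":
    print(demo())
```

Any hit in a user-writable folder such as a downloads directory is worth investigating before the tool is launched from there.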


The vulnerability, tracked as CVE-2019-9491, was patched in mid-October with the release of version 1.62.0.1223.


Researcher Stefan Kanthak has also analyzed the vulnerability and discovered that Trend Micro has failed to patch it completely. Kanthak has identified three other similar attack methods that can be launched against ATTK to execute arbitrary code by planting specially crafted files in specific locations.


He informed Trend Micro of his findings on October 23 and the cybersecurity firm last week released another update, version 1.62.0.1228, to patch the new flaws.


Trend Micro has updated its advisory for CVE-2019-9491 and assigned a second CVE identifier, CVE-2019-20358, to the related vulnerabilities discovered by Kanthak.


While exploitation of the flaws requires physical or remote access to the targeted system, Trend Micro has advised customers to install the patches as soon as possible.

