Trend Micro fixes DLL hijacking vulnerability
Hot on the heels of Black Hat, where security vendors spoke to audiences about their ability to protect against breaches, SafeBreach discovered a new vulnerability in Trend Micro Password Manager software that could have led to DLL hijacking, privilege escalation, and code execution attacks.
The company disclosed the bug, tracked as CVE-2019-14684, to Trend Micro, which issued a patch for the vulnerability. Bad actors would have been able to load arbitrary DLL files into the system, infecting PCs and disrupting usage. They could also have harnessed the DLL hijacking vulnerability, which made use of Trend Micro Password Manager's deep-level, escalated system access.
Essentially, because Trend Micro’s Password Manager had high-level access to Windows system files, the vulnerability would have enabled threat actors to insert an infected DLL file into the system during the booting stage. Once done, attackers would be able to carry out ransomware attacks on machines by infecting file systems or locking them down.
The vulnerability affected all versions of Trend Micro’s Password Manager, both the standalone app and the version included in its Premium Security and Maximum Security suites. Trend Micro said it is unaware of any instance in which the vulnerability has been taken advantage of, and along with SafeBreach stated that bad actors would have had to have physical access to a vulnerable device to exploit the vulnerability, which dramatically lowers the risk of infection.
Peleg Hadar, security researcher, and Itzik Kotler, co-founder and CTO of SafeBreach, said SafeBreach found the vulnerability using tools which gave them the ability to analyse certain behaviors of the product. “Once we found it, we reported it to Trend Micro’s security team which fixed the problem, and kept us updated during the disclosure process.”
They added that security companies need to continuously test their solutions for vulnerabilities. “However, there is no perfect solution for this kind of problem. Companies all make different efforts in order to develop their products to be more secure, but it’s always crucial to provide security researchers with a way to communicate and report these types of issues.”
As the enterprise security stack becomes ever more complex, it’s important to make sure that all of the products used within the enterprise are kept updated to the latest version, they added.
In addition, by testing different breach methods and checking if they are working, one can reduce complexity, pinpoint the relevant security controls and make changes in their policies.
“After all, you don’t know what you don’t know,” they concluded.