U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google hacker criticized TrendMicro for critical flaws

A hacker with Google Project Zero research team, publicly disclosed critical vulnerabilities in the TrendMicro Antivirus. Tavis Ormandy, a researcher with Google’s Project Zero vulnerability research team, publicly disclosed critical vulnerabilities in TrendMicro Antivirus that could be exploited to execute malicious code on the targeted system. Ormandy took only about 30 seconds to find the […]

Google hacker criticized TrendMicro for critical flaws

A hacker with Google Project Zero research team, publicly disclosed critical vulnerabilities in the TrendMicro Antivirus.

Tavis Ormandy, a researcher with Google’s Project Zero vulnerability research team, publicly disclosed critical vulnerabilities in TrendMicro Antivirus that could be exploited to execute malicious code on the targeted system.

Ormandy took only about 30 seconds to find the first code-execution vulnerability affecting the TrendMicro antivirus program.

trendmicro password manager

An attacker could exploit the security flaws to access contents of a password manager built into the TrendMicro security solution. The attackers can view hashed passwords and the plaintext Internet domains they are used for.

“[The password manager] product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute(). This means any website can launch arbitrary commands, like this:”

x = new XMLHttpRequest()
x.open("GET", "https://localhost:49155/api/openUrlInDefaultBrowser?url=c:/windows/system32/calc.exe true); try { x.send(); } catch (e) {};

The expert highlighted that an attacker can exploit the flaws even if users never launch the password manager.

“I don’t even know what to say—how could you enable this thing *by default* on all your customer machines without getting an audit from a competent security consultant?” explained Ormandy “You need to come up with a plan for fixing this right now. Frankly, it also looks like you’re exposing all the stored passwords to the internet, but let’s worry about that screw up after you get the remote code execution under control.”

The Google expert criticized TrendMicro for approaching in the wrong way the threat and fix the issues. Ormandy highlighted the serious risks for end-users inviting the company to disable the feature.

“So this means, anyone on the internet can steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction. I really hope the gravity of this is clear to you, because I’m astonished about this.” Ormandy added. “In my opinion, you should temporarily disable this feature for users and apologise for the temporary disruption, then hire an external consultancy to audit the code. In my experience dealing with security vendors, users are quite forgiving of mistakes if vendors act quickly to protect them once informed of a problem, I think the worst thing you can do is leave users exposed while you clean this thing up. The choice is yours, of course.”

Despite TrendMicro released an emergency fix, according to Ormandy the password manager still represents an open door for hackers.

“I’m still concerned that this component exposes nearly 70 API’s (!!!!) to the internet, most of which sound pretty scary. I tell them I’m not going to through them, but that they need to hire a professional security consultant to audit it urgently.

Recently other security software have been found vulnerable to cyber attacks, including FireEye, McAfee, Kaspersky and AVG.

Pierluigi Paganini

(Security Affairs – Antivirus, TrendMicro)