DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
August 19, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 84 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

TrendMicro bug gave attacker free reigns to your PC

Posted on Wednesday, January 13 2016 @ 18:45:36 CET by


TrendMicro recently pushed out a new version of its Antivirus solution that contained a very significant security vulnerability. People install an anti-virus tool to improve the security of their system, but one of TrendMicro's latest updates to the software' password manager left the door wide open and allowed remote attackers to execute commands and steal passwords.

The security flaw was discovered by security researcher Tavis Ormandy of Google's Project Zero. After installing TrendMicro Antivirus, he noticed that the software's password management component opened up a few network ports to fire up a web server that exposes utility APIs to the Internet. It took Ormandy just 30 seconds to spot one that allowed arbitrary command execution:
The researcher provided a proof-of-concept page that would uninstall the TrendMicro software from a test system. He noted that an attacker could silently exploit the bug, as TrendMicro adds its own self-signed certificate to the system, meaning a victim wouldn't see any security alerts. Adding insult to TrendMicro's injury, he then found out that additional vulnerabilities in the way the password manager handled management commands originating from TrendMicro's servers. These vulnerabilities could let an attacker steal the user's stored passwords, even if they were encrypted.
The findings were shared with TrendMicro, which has since patched its software.

Source: The Tech Report



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba