DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 19, 2019 
Main Menu
News archives

Who's Online
There are currently 181 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

TrendMicro bug gave attacker free reigns to your PC

Posted on Wednesday, January 13 2016 @ 18:45:36 CET by

TrendMicro recently pushed out a new version of its Antivirus solution that contained a very significant security vulnerability. People install an anti-virus tool to improve the security of their system, but one of TrendMicro's latest updates to the software' password manager left the door wide open and allowed remote attackers to execute commands and steal passwords.

The security flaw was discovered by security researcher Tavis Ormandy of Google's Project Zero. After installing TrendMicro Antivirus, he noticed that the software's password management component opened up a few network ports to fire up a web server that exposes utility APIs to the Internet. It took Ormandy just 30 seconds to spot one that allowed arbitrary command execution:
The researcher provided a proof-of-concept page that would uninstall the TrendMicro software from a test system. He noted that an attacker could silently exploit the bug, as TrendMicro adds its own self-signed certificate to the system, meaning a victim wouldn't see any security alerts. Adding insult to TrendMicro's injury, he then found out that additional vulnerabilities in the way the password manager handled management commands originating from TrendMicro's servers. These vulnerabilities could let an attacker steal the user's stored passwords, even if they were encrypted.
The findings were shared with TrendMicro, which has since patched its software.

Source: The Tech Report



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba