A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines.
The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution on vulnerable systems (those running Trend Micro Maximum Security, Trend Micro Premium Security or Trend Micro Password Manager).
Ormandy – who previously discovered a somewhat similar flaw in Trend Micro’s technology – described the latest flaw as “ridiculous”.
Trend Micro issued a patch for the flaw on Wednesday, a little over a week after Ormandy reported the bug to it on 22 March. The patch is not complete but does address the most critical issues at hand, according to Trend.
In a statement, Trend Micro explained its handling of the bug, which it points out affects only its consumer security software and not its enterprise technology.