Patch out for 'ridiculous' Trend Micro command execution vuln

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines.

The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution of vulnerable systems (running either Trend Micro Maximum Security, Trend Micro Premium Security or Trend Micro Password Manager).

Ormandy – who previously discovered a somewhat similar flaw in Trend Micro’s technology – described the latest flaw as “ridiculous”.

Trend Micro issued a patch for the flaw on Wednesday, a little over a week after Ormandy reported the bug to it on 22 March. The patch is not complete but does address the most critical issues at hand, according to Trend.

In a statement, Trend Micro explained its handling of the bug, which it points out affects only its consumer security software and not its enterprise technology.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Does anyone even use Trend Micro these days ?
In my opinion it's one of the worst "consumer" products available on the market, I don't know about the Enterprise edition though.
Great share omidomi. PeAcE
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@_CyberGhosT_: Yes some on the other areas where TM use the Enterprise/Endpoint version, meanwhile here in MT its @McLovin and few others.

Well vulnerabilities like in TM is a different side of story, and one of possible issues which commonly happen on security companies are rely on offense rather defense.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
@_CyberGhosT_ I use Trend and have done so for the past 8 years or more. Yes I've tried other products but have always come back to this product. If you want to know how well it performs now a days, go check out my posts in the MalwareHub.
It's not the worst "consumer" product, yet its not the best, but claiming that it's the worst products out there is a very big accusation. Trend's webfilter and now it's Suspicious file and software blocker are Trend's strong points. Yest it's a cloud based antivirus and needs and internet connection, but if you think about it, I don't know anyone within my friend circle that doesn't have internet.

Plus with this bug that has happened it has and only happened if you buy the full suite, and what I mean by that is, there is Trend Micro antivirus, internet security, Maximum security, and premium security. The internet security and the antivirus do not come with the extra features like a password manager, a separate program with parental controls. I haven't really dealt with the enterprise side of Trend, so can't really say much there, but all in all everyone company has mistakes and flaws, so it's just that they fix it and move on.

Hope this has helped you out @_CyberGhosT_
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top