Trend Micro Antivirus Was Opening a Node.js Debugging Server on All Machines

Status
Not open for further replies.

Dima007

Thread author
Apr 24, 2013
Source: Trend Micro Antivirus Was Opening a Node.js Debugging Server on All Machines


Trend Micro has released new versions of its antivirus and password manager products to address a security issue discovered by Google Project Zero researcher Tavis Ormandy.


According to Mr. Ormandy, on default factory settings, Trend Micro's Maximum Security, Premium Security, and Password Manager products were opening a remote Node.js debugger stub and leaving it to listen for commands on a random localhost port.

Mr. Ormandy put together an exploit that consisted of loading thousands of images that would query the localhost server on a different port number until they would uncover the one open for that client.

He would then make calls via JavaScript to this port, executing commands on the user's machine. The exploit, which was trivial to put together, according to Mr. Ormandy, relied on attackers tricking users into accessing a malicious page, something that's not that out of the ordinary.

Trend Micro delivered a quick fix, a permanent patch is in the works

The researcher contacted Trend Micro staff, who for the past week have been working on a quick fix that would detect the vulnerable port the Node.js debugger was about to start and would initiate another service on it instead, preventing the debugger from binding to the port and shutting down.

This quick patch was released on March 30, but Trend Micro has also started working on a permanent fix. This will take some time to implement, though, as this is a complex operation.

According to Trend Micro, the vulnerability's source is in a module that loads a third-party binary. The Trend Micro team says it will have to crack open that binary, alter its source code to prevent the debugger from starting, and then reintegrate it into their apps' source code. The team estimates this will take around a month.
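
The quick fix described above works by occupying the port before the debugger can bind to it. The following Python sketch of that mechanism is an added example, not Trend Micro's code; the function names and the use of an OS-assigned loopback port are assumptions made for illustration.

```python
import socket

LOOPBACK = "127.0.0.1"


def hold_port(port=0):
    """Guard service: listen on a loopback port so no other process can bind it.
    port=0 asks the OS for a free port (used here only to keep the demo portable)."""
    guard = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # On Windows, request exclusive ownership so a later SO_REUSEADDR bind
    # cannot share the port with the guard.
    if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):
        guard.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
    guard.bind((LOOPBACK, port))
    guard.listen(1)
    return guard


def stub_can_bind(port):
    """Stand-in for the debugger stub: report whether it could listen on port."""
    stub = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        stub.bind((LOOPBACK, port))
        stub.listen(1)
        return True
    except OSError:
        # Bind refused (address already in use): the stub cannot start here.
        return False
    finally:
        stub.close()


def demo():
    guard = hold_port()
    port = guard.getsockname()[1]
    blocked_while_guarded = not stub_can_bind(port)
    guard.close()
    # Once the guard exits, nothing stops the stub from claiming the port again.
    exposed_after_release = stub_can_bind(port)
    return blocked_while_guarded, exposed_after_release


if __name__ == "__main__":
    print(demo())
```

The guard protects the port only while it is running and only if it binds first, which is why a fix that stops the debugger from starting at all is still needed.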
 