Remote Code Execution Vulnerability Found In Trend Micro Anti-Threat Toolkit (ATTK)

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

The Anti-Threat Toolkit (ATTK) by Trend Micro is a dedicated tool for fending off malware infections. However, like any other antimalware, this tool is also prone to security flaws. Recently, a researcher has found a vulnerability in Trend Micro ATTK that allows remote code execution.

About Trend Micro Anti-Threat Toolkit (ATTK) Vulnerability

Researcher John Page, who goes by the alias hyp3rlinx, has reportedly found a security vulnerability in Trend Micro ATTK.

Explaining about the flaw in his advisory, he stated that the flaw enabled a potential attacker to execute code. Ironically, exploiting this vulnerability could, therefore, permit running malware.

Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of “cmd.exe” or “regedit.exe” and the malware can be placed in the vicinity of the ATTK when a scan is launched by the end-user.
Since the ATTK is signed by verified publisher and therefore assumed trusted any MOTW security warnings are bypassed if the malware was internet downloaded

The vulnerability could serve as a persistent vector for running the malware and could execute the code each time ATTK would run.

In addition to the advisory, the researcher has also shared a PoC video for the exploit.

Trend Micro Released The Fix

Upon discovering the flaw CVE-2019-9491, the researcher reported the matter to Trend Micro in September. The vendors confirmed the vulnerability after a few days passed.

The flaw affected ATTK versions 1.62.0.1218 and below for Windows. Following his report, Trend Micro has recently released an updated version of the ATTK that patches the bug. Users should ensure updating their systems to ATTK version 1.62.0.1223 to prevent potential exploit.

In other news, Avast has recently suffered a security breach. They endured an attack on their systems that aimed at infecting their CCleaner app.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!