
Remote Code Execution Vulnerability Found In Trend Micro Anti-Threat Toolkit (ATTK)

by Abeerah Hashim

The Anti-Threat Toolkit (ATTK) by Trend Micro is a dedicated tool for fending off malware infections. However, like any other anti-malware tool, it is also prone to security flaws. Recently, a researcher found a vulnerability in Trend Micro ATTK that allows remote code execution.

About Trend Micro Anti-Threat Toolkit (ATTK) Vulnerability

Researcher John Page, who goes by the alias hyp3rlinx, has reportedly found a security vulnerability in Trend Micro ATTK.

Explaining the flaw in his advisory, he stated that it enables a potential attacker to execute code. Ironically, exploiting a vulnerability in an anti-malware tool could therefore be used to run malware.

Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of “cmd.exe” or “regedit.exe” and the malware can be placed in the vicinity of the ATTK when a scan is launched by the end-user.
Since the ATTK is signed by a verified publisher and therefore assumed trusted, any MOTW security warnings are bypassed if the malware was downloaded from the internet.

The vulnerability could serve as a persistent vector for running the malware, since the planted file would be executed every time ATTK ran.
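The mechanism described above is a search-order problem: a tool launches a system executable by bare name, and a file of the same name sitting next to the tool or inside the scanned folder is found first. The following Python script is an added example, not Trend Micro's code, and it simulates that behaviour in temporary directories rather than on a real Windows system; the exact lookup order ATTK used is not stated in the advisory and is assumed here to be "tool directory first, then the system directory". It shows the vulnerable resolution beside a hardened one that only accepts the binary by absolute path from the system directory, plus a simple defender check that flags planted look-alikes before a scan is launched.

```python
"""Search-order hijack simulation and defender check (added example, not ATTK code)."""
import tempfile
from pathlib import Path

# Names the advisory says ATTK resolved unsafely. Any system executable that a
# tool launches by bare name is at risk; this set is illustrative, not exhaustive.
HIJACKABLE_NAMES = {"cmd.exe", "regedit.exe"}


def resolve_unsafe(name, tool_dir, system_dir):
    """Vulnerable pattern (assumed order): look beside the tool before the system
    directory, so a planted file with the right name wins."""
    for directory in (tool_dir, system_dir):
        candidate = Path(directory) / name
        if candidate.is_file():
            return candidate
    return None


def resolve_hardened(name, system_dir):
    """Hardened pattern: accept the executable only from the trusted system
    directory, referenced by absolute path; files near the tool never win."""
    candidate = Path(system_dir) / name
    return candidate if candidate.is_file() else None


def find_planted_lookalikes(scan_dir, system_dir):
    """Defender check: list files under scan_dir whose names shadow trusted system
    binaries but that do not live in the system directory."""
    system_dir = Path(system_dir).resolve()
    hits = []
    for path in Path(scan_dir).rglob("*"):
        if (path.is_file()
                and path.name.lower() in HIJACKABLE_NAMES
                and path.resolve().parent != system_dir):
            hits.append(path)
    return hits


def demo():
    """Build a constructed layout: a fake System32 with the genuine cmd.exe and a
    scan folder holding a planted cmd.exe, then compare both resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp) / "System32"
        tool_dir = Path(tmp) / "attk_scan"
        system_dir.mkdir()
        tool_dir.mkdir()
        (system_dir / "cmd.exe").write_bytes(b"genuine")   # constructed stand-in
        (tool_dir / "cmd.exe").write_bytes(b"planted")     # constructed look-alike

        unsafe = resolve_unsafe("cmd.exe", tool_dir, system_dir)
        safe = resolve_hardened("cmd.exe", system_dir)
        hits = find_planted_lookalikes(tool_dir, system_dir)
        return {
            "unsafe_picks_planted": unsafe.read_bytes() == b"planted",
            "hardened_picks_genuine": safe.read_bytes() == b"genuine",
            "lookalikes_found": [h.name for h in hits],
        }


if __name__ == "__main__":
    print(demo())
```

The look-alike check is the part a defender can reuse today: running it over the folder a scanner will be pointed at, before the scan, turns the advisory's precondition ("malware placed in the vicinity of the ATTK") into a concrete finding. The fix on the tool side is the hardened resolver, that is, never resolving system executables by bare name.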

In addition to the advisory, the researcher has also shared a PoC video for the exploit.

Trend Micro Released The Fix

Upon discovering the flaw, tracked as CVE-2019-9491, the researcher reported it to Trend Micro in September. Trend Micro confirmed the vulnerability a few days later.

The flaw affected ATTK versions and below for Windows. Following his report, Trend Micro has released an updated version of the ATTK that patches the bug. Users should update their systems to ATTK version to prevent potential exploitation.

In other news, Avast recently suffered a security breach: attackers targeted its systems with the aim of infecting its CCleaner app.
