News

Trend Micro Warns of Scan Engine Vulnerability

Anti-virus (AV) specialist Trend Micro Inc. last week warned of a flaw in its AV scanning engine that could result in denial-of-service (DoS) or system takeover.

The flaw affects a variety of products, including Trend Micro's InterScan Messaging Security Suite, InterScan VirusWall, InterScan Web Security Suite, OfficeScan and ServerProtect offerings. Trend Micro's consumer offerings -- such as Trend Micro Antivirus and PC-cillin -- are also affected, officials said.

The vulnerability stems from a corrupted UPX file in Trend Micro's scan engine. An attacker who successfully exploits it can cause a buffer overflow and trigger a Windows Blue Screen of Death (BSOD) or -- more dangerous still -- potentially execute arbitrary code on the compromised system. In the latter scenario, officials concede, an attacker could take control of the system.

The vulnerability was first reported by iDefense Vulnerability Labs, a security researcher based in Sterling, Virginia.

According to iDefense researchers, the flaw can be exploited by means of common protocols, such as SMTP, HTTP or FTP; nor must an attacker successfully authenticate to be able to exploit the vulnerability, iDefense says.

The worst-case scenario -- remote execution of arbitrary code -- stems from the fact that (in Windows environments) the Trend Micro scan engine runs in the kernel context. Under Linux, the engine runes as a daemon with superuser privileges, iDefense researchers say. The upshot, in any case, is severe: an attacker can take complete control of a compromised system, assuming she's first able to successfully execute her malicious payload.

Trend Micro advises customers to update their virus pattern files to 4.245.00. It also plans to incorporate a fix into its upcoming Scan Engine version 8.5 release. In addition, Trend Micro officials say, the AV specialist also distributes a fix for the flaw via its automatic update feature.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

Featured

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.