Trend Micro Rushes to Patch 0-Day Vulnerability

After a proof-of-concept exploit for its Internet Security product line was released

By Lucian Constantin, Web News Editor

3rd of April 2009, 10:21 GMT

The development department at anti-virus vendor Trend Micro has recently been hard at work plugging a hole in its Internet Security 2008 and 2009 products after someone posted a PoC exploit for it.

Trend Micro is one of the largest providers of anti-virus and security solutions in the world. Its flagship product is PC-cillin Internet Security, currently known as Trend Micro Internet Security (TIS). The company also develops HouseCall, one of the first free online anti-virus scanners.

On 30 March 2009, someone going by the handle "b1@ckeYe" posted proof-of-concept exploit code on the exploit-tracking website milw0rm for a privilege escalation vulnerability affecting TIS 2008 and 2009, in both standard and professional editions.

The flaw is located in version 2.52.0.1002 of the tmactmon.sys (TrendMicro Activity Monitor Module) component and is classified by SecurityFocus as a boundary-condition error. The PoC creator credits research on driver flaw exploitation by Ruben Santamarta.

A day later, on 31 March 2009, Positive Technologies, a Russian security company, released a public advisory about the same vulnerability, which credited an in-house researcher, Nikita Tarakanov, with its discovery.

According to the advisory, Positive Technologies attempted to report the issue to Trend Micro on February 2nd and February 12th 2009, both times without receiving any response. "The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate buffer data associated with the Irp object, which allows local users to gain SYSTEM privileges," the company explains.
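As an added illustration (not part of the original article, the advisory, or Trend Micro's code), the C program below decodes a Windows IOCTL control code, flags METHOD_NEITHER, and models in user mode the range test such a handler has to apply to a caller-supplied buffer. The function names, the `MODEL_USER_LIMIT` value, and the sample control codes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Transfer method: the low two bits of a Windows IOCTL control code. */
enum { METHOD_BUFFERED, METHOD_IN_DIRECT, METHOD_OUT_DIRECT, METHOD_NEITHER };

/* Fields packed into a control code by the CTL_CODE macro. */
typedef struct {
    uint32_t device_type; /* bits 31..16 */
    uint32_t access;      /* bits 15..14, 0 = FILE_ANY_ACCESS */
    uint32_t function;    /* bits 13..2 */
    uint32_t method;      /* bits 1..0 */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f = { code >> 16, (code >> 14) & 0x3, (code >> 2) & 0xFFF, code & 0x3 };
    return f;
}

/* METHOD_NEITHER hands the caller's raw pointers to the driver unchecked,
   so the handler itself must validate them before any access. */
int needs_manual_probe(uint32_t code) {
    return decode_ioctl(code).method == METHOD_NEITHER;
}

/* Assumption for this model: user space ends here (32-bit layout). */
#define MODEL_USER_LIMIT 0x7FFF0000u

/* Range test the handler needs for a caller-supplied buffer; 1 = acceptable. */
int user_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0) return 1;                /* nothing will be accessed */
    uint32_t end = addr + len;             /* unsigned add may wrap */
    if (end < addr) return 0;              /* wrapped past 4 GiB */
    return end <= MODEL_USER_LIMIT;        /* must stay below kernel space */
}

int main(void) {
    /* Constructed sample codes: device type 0x22, function 0x800. */
    uint32_t codes[] = { 0x222000u, 0x222003u };
    for (int i = 0; i < 2; i++)
        printf("0x%08X manual probe needed: %d\n", (unsigned)codes[i], needs_manual_probe(codes[i]));
    printf("user buffer ok: %d\n", user_range_ok(0x00400000u, 0x100u));
    printf("kernel pointer ok: %d\n", user_range_ok(0x80000000u, 4u));
    printf("wrapping length ok: %d\n", user_range_ok(0xFFFFFFF0u, 0x20u));
    return 0;
}
```

In an actual driver this test is performed with the kernel routines ProbeForRead and ProbeForWrite inside structured exception handling, before the handler dereferences anything the caller supplied.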

Softpedia has been in contact with Trend Micro since the exploit was published and has been kept informed about the mitigation efforts. Even though most publicly available advisories still describe this vulnerability (CVE-2009-0686) as being unpatched, a Trend Micro representative told us that, "The patch was QAd [quality assured] and released inside 24 hours of the release of the information on milw0rm."

The discovery of vulnerabilities in security software is not uncommon, and this is certainly not the first for Trend Micro. Back in December 2008, we wrote about a highly critical vulnerability affecting another of the company's products, HouseCall, which had been disclosed by security research company Secunia. In April 2008, we also reported a denial of service weakness in Bitdefender Antivirus.

© Copyright 2001-2009 Softpedia

User opinions:


Comment #1 by: Tom on 17 Apr 2009, 17:38 GMT

As of 4/17, this Trend Micro Knowledgebase article:

http://esupport.trendmicro.com/Pages/Vulnerability-Awareness-161478-AEGIS-Execute-arbitrary-code-in-kernel-space-via-a-specially-crafted-IOCTL.aspx

says "updates will be issued", not "updates are available". There don't seem to be any links in this Knowledgebase article to downloads of updated Trend Micro products. Also, it says they only heard about the problem 3/31, there's no discussion of why they didn't respond to the 2/2 and 2/12 warnings. If the earlier warnings were sent to the wrong address at Trend Micro, they need to highlight the correct address to send warnings to.
