14 DAY TRIAL // Everybody trusts antiviruses because they are supposed to assure a smooth system performance and block potential threats that might affect our computer working experience. But all it needs is a security vulnerability and the entire system goes crazy: the antivirus, your friend, turns into your worst enemy, and is able to allow intruders invade your computer and access your private information. I'm not sure if today's piece of vulnerability is that critical, but Trend Micro ServerProtect, a security solution addressed to enterprises, must be patched as soon as possible.
SecurityFocus today reported a vulnerability in Trend Micro's technology that may allow an attacker to get control over the affected system. "The issues occur because the application fails to properly restrict access to certain DCE/RPC methods. Will full access to the filesystem, attackers may be able to execute arbitrary code with SYSTEM-level privileges and completely compromise affected computers", SecurityFocus wrote in the notification published today.
It seems like the glitch affects ServerProtect 5.58 with Security Patch 3 installed, but other versions may be affected as well. It's not confirmed yet, but it appears that Security Patch 4, released some time ago, patches this flaw and doesn't let attackers exploit the vulnerability. However, Trend Micro wrote in the SP4 description that "this security patch addresses buffer overflow vulnerabilities in ServerProtect modules "EarthAgent.exe", "eng50.dll", "StRpcSrv.dll", and "StCommon.dll".
For those of you who don't know, Trend Micro ServerProtect is an enterprise solution powered by Trend Micro that is supposed to block viruses and other threats on multiple platforms. ServerProtect comes in multiple flavors including ServerProtect for EMC Cellerra, ServerProtect for Linux, ServerProtect for Microsoft Windows/Novell Netware and ServerProtect for Network Appliance Filers.
If you want to get more information about the vulnerability and/or to download the Security Patch 4 provided by Trend Micro, check out this link pointing to the fix.