===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1490
         Multiple vulnerabilities have been identified in Trend Micro
                             Maximum Security
                               14 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Trend Micro Maximum Security
Publisher:         Zero Day Initiative
Operating System:  Windows
Impact/Access:     Administrator Compromise -- Existing Account
                   Denial of Service        -- Existing Account
Resolution:        Patch/Upgrade

Original Bulletin:
   http://www.zerodayinitiative.com/advisories/ZDI-17-395/
   http://www.zerodayinitiative.com/advisories/ZDI-17-396/

Comment: This bulletin contains two (2) Zero Day Initiative security
         advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Trend Micro Maximum Security tmusa Kernel Driver Untrusted Pointer
Dereference Denial of Service Vulnerability

ZDI-17-395: June 13th, 2017

CVSS Score

  4.7, (AV:L/AC:M/Au:N/C:N/I:N/A:C)

Affected Vendors

  Trend Micro

Affected Products

  Maximum Security

Vulnerability Details

This vulnerability allows local attackers to deny service on vulnerable
installations of Trend Micro Maximum Security. An attacker must first
obtain the ability to execute low-privileged code on the target system in
order to exploit this vulnerability.

The specific flaw exists within the processing of IOCTL 0x00222813 in
tmusa.sys. The issue results from the lack of proper validation of a
user-supplied value prior to dereferencing it as a pointer. An attacker can
leverage this to deny service to the system.

Vendor Response

Trend Micro has issued an update to correct this vulnerability. More
details can be found at:

  https://success.trendmicro.com/solution/1117509

Disclosure Timeline

  2017-02-02 - Vulnerability reported to vendor
  2017-06-13 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

  bee13oy of CloverSec Labs

-------------------------------------------------------------------------------

Trend Micro Maximum Security tmusa Time-Of-Check/Time-Of-Use Privilege
Escalation Vulnerability

ZDI-17-396: June 13th, 2017

CVSS Score

  6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected Vendors

  Trend Micro

Affected Products

  Maximum Security

Vulnerability Details

This vulnerability allows local attackers to escalate privilege on
vulnerable installations of Trend Micro Maximum Security. An attacker must
first obtain the ability to execute low-privileged code on the target
system in order to exploit this vulnerability.

The specific flaw exists within the processing of IOCTL 0x222813. The issue
results from a time-of-check/time-of-use vulnerability, which allows an
attacker to change a field that is being used by the kernel. An attacker
can leverage this vulnerability to escalate privileges to SYSTEM.

Vendor Response

Trend Micro has issued an update to correct this vulnerability. More
details can be found at:

  https://success.trendmicro.com/solution/1117509

Disclosure Timeline

  2017-03-28 - Vulnerability reported to vendor
  2017-06-13 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

  Jaanus Kp Clarified Security

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
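
The time-of-check/time-of-use flaw class described in ZDI-17-396, as an added example that is not part of the bulletin and is not Trend Micro's driver code: a user-mode C model of a handler that reads a caller-writable length field twice, next to a version that captures it once. The `request` layout, `KBUF_SIZE`, and the `flip_len` hook (which stands in for a concurrent writer to the shared buffer) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define KBUF_SIZE 16u   /* assumed size of the handler's private buffer */

/* Constructed layout: stands in for a caller-writable input buffer. */
struct request {
    volatile uint32_t len;   /* caller-controlled, may change at any time */
    uint8_t data[64];
};

/* Hook that models another thread writing to the buffer mid-handler. */
typedef void (*race_hook)(struct request *);
static void flip_len(struct request *r) { r->len = 64; }

/* Double fetch: the field is validated, then read again for use.
 * Returns the length that would reach the copy, or -1 if rejected.
 * The copy itself is omitted so the model is safe to run. */
int handle_double_fetch(struct request *r, race_hook hook) {
    if (r->len > KBUF_SIZE) return -1;   /* time of check */
    if (hook) hook(r);                   /* window between the two reads */
    return (int)r->len;                  /* time of use: second fetch */
}

/* Capture once: one read into private storage, then validate and use
 * only the private copy. Later writes to the buffer have no effect. */
int handle_capture_once(struct request *r, race_hook hook) {
    uint32_t n = r->len;                 /* single fetch */
    if (n > KBUF_SIZE) return -1;
    if (hook) hook(r);
    return (int)n;
}

/* Runs one handler against a fresh request; race != 0 enables the hook. */
int run_case(uint32_t initial_len, int hardened, int race) {
    struct request r = { .len = initial_len };
    race_hook h = race ? flip_len : NULL;
    return hardened ? handle_capture_once(&r, h) : handle_double_fetch(&r, h);
}

int main(void) {
    printf("double fetch, raced: %d (limit %u)\n", run_case(8, 0, 1), KBUF_SIZE);
    printf("capture once, raced: %d\n", run_case(8, 1, 1));
    printf("oversized request:   %d\n", run_case(64, 1, 0));
    return 0;
}
```

In a Windows driver the same capture is done by probing the user buffer and copying it into kernel memory inside a `__try`/`__except` block before any field is validated.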