===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1490
       Multiple vulnerabilities have been identified in Trend Micro
                             Maximum Security
                               14 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Trend Micro Maximum Security
Publisher:         Zero Day Initiative
Operating System:  Windows
Impact/Access:     Administrator Compromise -- Existing Account
                   Denial of Service        -- Existing Account
Resolution:        Patch/Upgrade

Original Bulletin: 
   http://www.zerodayinitiative.com/advisories/ZDI-17-395/
   http://www.zerodayinitiative.com/advisories/ZDI-17-396/

Comment: This bulletin contains two (2) Zero Day Initiative security 
         advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Trend Micro Maximum Security tmusa Kernel Driver Untrusted Pointer
Dereference Denial of Service Vulnerability

ZDI-17-395: June 13th, 2017

CVSS Score

    4.7, (AV:L/AC:M/Au:N/C:N/I:N/A:C)

Affected Vendors

    Trend Micro

Affected Products

    Maximum Security

Vulnerability Details

This vulnerability allows local attackers to deny service on vulnerable
installations of Trend Micro Maximum Security. An attacker must first
obtain the ability to execute low-privileged code on the target system in
order to exploit this vulnerability.

The specific flaw exists within the processing of IOCTL 0x00222813 in
tmusa.sys. The issue results from the lack of proper validation of a
user-supplied value prior to dereferencing it as a pointer. An attacker
can leverage this to deny service to the system.

Vendor Response
Trend Micro has issued an update to correct this vulnerability. More
details can be found at:

    https://success.trendmicro.com/solution/1117509

Disclosure Timeline

    2017-02-02 - Vulnerability reported to vendor
    2017-06-13 - Coordinated public release of advisory

Credit
This vulnerability was discovered by:

    bee13oy of CloverSec Labs

-------------------------------------------------------------------------------
Trend Micro Maximum Security tmusa Time-Of-Check/Time-Of-Use Privilege
Escalation Vulnerability

ZDI-17-396: June 13th, 2017

CVSS Score

    6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected Vendors

    Trend Micro

Affected Products

    Maximum Security

Vulnerability Details

This vulnerability allows local attackers to escalate privilege on
vulnerable installations of Trend Micro Maximum Security. An attacker
must first obtain the ability to execute low-privileged code on the target
system in order to exploit this vulnerability.

The specific flaw exists within the processing of IOCTL 0x222813. The issue
results from a time-of-check/time-of-use vulnerability, which allows an
attacker to change a field that is being used by the kernel. An attacker
can leverage this vulnerability to escalate privileges to SYSTEM.

Vendor Response
Trend Micro has issued an update to correct this vulnerability. More
details can be found at:

    https://success.trendmicro.com/solution/1117509

Disclosure Timeline

    2017-03-28 - Vulnerability reported to vendor
    2017-06-13 - Coordinated public release of advisory

Credit
This vulnerability was discovered by:

    Jaanus Kääp
    Clarified Security
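
Added example, not code from ZDI, AusCERT or Trend Micro: a user-mode C model of the two bug classes named in the Vulnerability Details of ZDI-17-395 and ZDI-17-396 (a user-supplied pointer used without validation, and a field checked and then fetched again), beside a handler that captures the request once and validates the snapshot. The request layout, the arena and every function name are assumptions; the advisories do not describe the driver's internals.

```c
/* Added illustration: user-mode model of an IOCTL handler, not tmusa.sys code.
 * All names (struct req, arena, handle_*, grow_len) are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KBUF_SIZE 16
static unsigned char arena[256];          /* simulated user address space */
static void (*between_fetches)(void *);   /* models a thread racing the handler */
struct req { uintptr_t data; uint32_t len; };   /* caller-controlled request */

/* Stand-in for a user-range check such as ProbeForRead:
 * the whole range must lie inside the simulated user space. */
static int range_ok(uintptr_t p, size_t n) {
    uintptr_t lo = (uintptr_t)arena;
    return p >= lo && n <= sizeof arena && p - lo <= sizeof arena - n;
}

/* Flawed: len is checked in place, then fetched again for use. */
long handle_double_fetch(volatile struct req *r) {
    if (r->len > KBUF_SIZE) return -1;                 /* time of check */
    if (between_fetches) between_fetches((void *)r);
    return (long)r->len;                               /* time of use: second fetch */
}

/* Hardened: snapshot the request once, validate and use only the snapshot. */
long handle_captured(volatile struct req *r, unsigned char *kbuf) {
    struct req snap;
    snap.data = r->data;                               /* single fetch per field */
    snap.len  = r->len;
    if (between_fetches) between_fetches((void *)r);   /* race has no effect now */
    if (snap.len > KBUF_SIZE) return -1;
    if (!range_ok(snap.data, snap.len)) return -2;     /* reject untrusted pointer */
    memcpy(kbuf, (const void *)snap.data, snap.len);
    return (long)snap.len;
}

/* Constructed racer: rewrites len after the check has passed. */
static void grow_len(void *p) { ((struct req *)p)->len = 4096; }

int main(void) {
    struct req r = { (uintptr_t)arena, 8 };
    unsigned char kbuf[KBUF_SIZE];
    between_fetches = grow_len;
    printf("double fetch uses len=%ld\n", handle_double_fetch(&r));
    r.len = 8;
    printf("captured uses len=%ld\n", handle_captured(&r, kbuf));
    return 0;
}
```

In a real Windows driver the same capture-then-validate step would be done inside a structured exception handler, since a user address that passes the range check can still fault when read.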

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================