Friday, June 24, 2022
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home News

Privilege Escalation Vulnerability Discovered in Trend Micro Password Manager.

Cybersecfill by Cybersecfill
August 15, 2019
in News
0
Trend Micro password manager Vulnerability
Share on FacebookShare on Twitter

Peleg Hadar, a security researcher at safe breach Labs has discovered a vulnerability in the Trend Micro Password Manager software.

About Trend Micro Password Manager

Trend Micro Password Manger is a standalone software that helps manage website passwords and login IDs in one secure location.

Trend Micro Password Manager’s Vulnerability

Trend Micro Password Manager Central Control service (Pvmsvc.exe) runs as NT AUTHORITY\SYSTEM which is the most privileged account and might be exposed to a user-to-SYSTEM privilege escalation if attacked.

A potential attacker can use this service as a persistence mechanism because it automatically starts once the computer boots.

The executable of the “PwmSvc.exe” is signed by Trend Micro hence if an attacker finds a way to execute code withing this process, it can be used as an application whitelisting bypass.

How Attackers can Leverage on Trend Micro’s Vulnerability

  1.  Signed Execution and Whitelisting Bypass: This gives an attacker the ability to load and execute malicious service using a signed service(PwmSvc.exe).
  2. Privilege Escalation: An attacker may have limited privilege after gaining access to a computer but the service(PwmSvc.exe) provides him the ability to operate as a powerful user in windows.This enables him to access almost all files and processes which belong to the affected user on the computer.
  3. Persistence Mechanism: If an attacker drops a malicious DLL in a vulnerable path, the service will load the malicious code each time it is restarted.This is because,the vulnerability gives an attacker the ability to execute malicious payloads in a persistent way each time the service is being loaded.

Affected Versions

  1.  Trend Micro Maximum Security / Password Manager 15.0.0.1229
  2. Trend Micro Password Manager Service (PwmSvc.exe) – 3.8.0.1069
  3. Tmwlutil.dll 2.97.0.1161

Vulnerability Patch for Trend Micro

Patches were released on August 14, 2019.The vulnerabilities were given a CVSS 3.0 score of 4.3 which makes it a medium severity vulnerability.

This patch includes mitigation for the following vulnerabilities

  1. CVE-2019-14684: A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service’s process.
  2. CVE-2019-14687:  A separate, but similar DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0, utilizing a separate DLL.

According to the bulletin released by Trend Micro Password manger, “Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time” .Trend Micro strongly encourages customers to upgrade to the latest build as soon as possible.

Tags: BingBlogcyberintelligencecybersecurityVulnerabilityYahoo
Cybersecfill

Cybersecfill

An independent Nigeria cybersecurity blog.

Next Post
What is credential Stuffing?

Credential Stuffing

0 0 votes
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments
  • Trending
  • Comments
  • Latest
CEH_PRACTICAL

CEH PRACTICAL EXAM – TICKET TO CEH MASTER

February 6, 2021
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

9
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

Recommended

Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply

Privacy Policy - Terms and Conditions