SafeBreach Labs has published three major vulnerability disclosures which concern three popular and widely-used software products.
The first deals with Trend Micro’s antivirus product Trend Micro Security 16, the second concerns Kaspersky’s VPN product Kaspersky Secure Connection and the third involves the Autodesk Desktop Application.
SafeBreach discovered that all of these products contain security flaws which can lead to privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as NT Authority/System.
- Nvidia Geforce users need to patch their systems now
- Security flaw in Bitdefender Antivirus Free 2020 leaves millions at risk
- Also check out the best patch management tools of 2019
This is exactly the same type of flaw that the firm disclosed in BitDefender Antivirus Free 2020 back in September.
SafeBreach’s team has written “proof of concept” code to demonstrate how they were able to compile a replacement DLL file and set it to load instead of the legitimate one for Trend Micro Security 16, Kaspersky Secure Connection and Autodesk.
The firm’s replacement DLL files lead to privilege escalation through code execution at the highest authority level since none of the three products have any kind of DLL validation procedure in place. To make matters worse, these security products are typically set to auto-launch when a user turns on their system which means that any malicious payloads will also be persistent.
SafeBreach reported the vulnerabilities to the software vendors in July and all three companies confirmed them within a few weeks. Trend Micro published a security advisory first on November 25 for CVE-2019-15628 and this was followed by Autodesk releasing a security advisory of its own a day later for CVE-2019-7365. Kaspersky provided regular status updates for its customers concerning the CVE-2019-15689 vulnerability.
Trend Micro has patched the problem already with the release of version 16.0.1227 of Trend Micro Security 2016 and users running any version below 16.0.1221 should update their software immediately. Kaspersky and Autodesk are also working on patches and users should patch their software when these fixes become available.