Release Date: March 22, 2017
CVE: 2017-5565
Platform(s):Windows
Summary
Trend Micro has released an update which helps Trend Micro defend against an OS-level security issue that could potentially be exploited in Trend Micro Security 2017 when someone with administrative user rights attempts to inject a DLL to a Trend Micro process by taking advantage of Microsoft’s Standard Application Verifier Provider DLL.
This potential security issue has been dubbed “DoubleAgent” and is said to affect anti-malware products from multiple vendors. Due to the seriousness of this issue, Trend Micro recommends that users of Trend Micro Security update their security software as soon as possible.
Affected version
- Trend Micro Premium Security 2017
- Trend Micro Maximum Security 2017
- Trend Micro Internet Security 2017
- Trend Micro Antivirus+ Security 2017
Solution
As of March 30, 2017, the resolution for this issue is now available from Trend Micro's ActiveUpdate server. Trend Micro Security 2017 customers will receive the fix on the next scheduled update or manually download it by clicking > About the Software on the main console. The latest version is 11.1.1045.
References
Trend Micro Security Bulletin: https://success.trendmicro.com/solution/1116957
CVE Bulletin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5565