Views:

Release Date: March 28, 2023

CVE Vulnerability Identifier: CVE-2023-28929

Platform(s): Microsoft Windows

CVSS: 3.1

Scores: 8.6: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity Rating: Medium

Summary

Trend Micro has released an update via ActiveUpdate for the Trend Micro Security for Windows family of consumer products (2021,2022, and 2023) which resolves a DLL hijacking vulnerability.

Affected version(s)

PRODUCTAFFECTED VERSION(S)PLATFORMLANGUAGE(S)
Trend Micro Security2022/2023 (17.7.1476 and below)Microsoft WindowsEnglish
Trend Micro Security2021 (17.0.1412 and below)Microsoft WindowsEnglish

Solution

Trend Micro has released an update via ActiveUpdate for each version below that resolves the issue.

PRODUCTAPPLICABLE VERSION(S)PLATFORMLANGUAGE(S)
Trend Micro Security2022/2023 (17.7.1634 and below)Microsoft WindowsEnglish
Trend Micro Security2021 (17.0.1426 and below)Microsoft WindowsEnglish

Vulnerability Details

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

  • Nippon Telegraph and Telephone Corporation, NTT Security (Japan) KK, NTT DATA Corporation
    • Rintaro Fujita
    • Hiroki Hada
    • Hiroki Mashiko

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Add a comment