Release Date: September 8, 2016
Trend Micro Vulnerability Identifier: 2016-0125
Platform(s): Windows OS
Trend Micro released a new build of the Trend Micro Security family of consumer-focused products. This update resolves vulnerability in the product that could potentially expose kernel debugging information.
|Premium Security||10.0.1186 and below||Microsoft Windows||English|
|Maximum Security||10.0.1186 and below||Microsoft Windows||English|
|Internet Security||10.0.1186 and below||Microsoft Windows||English|
|Antivirus + Security||10.0.1186 and below||Microsoft Windows||English|
Trend Micro has released an update to resolve this issue and customers should receive the update automatically as long as they are connected to the Internet.
|Product Versions||Update Build||Platform|
|All 2016 Trend Micro Security Products (version 10)||10.0.1288||Windows OS|
This update resolves a vulnerability in one of Trend Micro Security Network Content Inspection drivers. When an attacker triggers a null pointer dereference it would produce a driver fault and BSOD. The resulting exceptions can be used to elevate privileges or leak the kernel debugging information. Such information will be valuable in planning subsequent attacks.
Trend Micro has not received any reports and is not aware of any actual attacks against the affected products related to the Kernel Driver Null Pointer Deference vulnerability at this time.
None identified. Customers are advised to ensure they always have the latest version of the program.
Trend Micro would like to thank the following individuals for responsibly reporting this issue and working with Trend Micro to help protect our customers:
- Enrique Elias Nissim
- Jaanus Kp of Clarified Security working with Trend Micro's Zero Day Initiative
- @bee13oy of CloverSec Labs working with Trend Micro's Zero Day Initiative
- Kasif Dekel & Gal Elbaz of Check PointSecurity Research Team
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.