Release Date: January 26, 2024
Trend Micro Vulnerability Identifier: CVE-2024-23940
Platform(s): Windows OS
Summary
Trend Micro has released a new version of Trend Micro uiAirSupport. This update addresses a vulnerability that previously allowed unauthorized impersonation and modification of the library, potentially enabling the execution of code on the affected systems running the Trend Micro Security 2023 family of consumer products.
Affected version(s)
Product | Affected version(s) | Platform | Language(s) |
---|---|---|---|
Premium Security - uiAirSupport | Version 6.0.2092 and below | Microsoft Windows | English |
Maximum Security - uiAirSupport | Version 6.0.2092 and below | Microsoft Windows | English |
Internet Security - uiAirSupport | Version 6.0.2092 and below | Microsoft Windows | English |
Antivirus + Security - uiAirSupport | Version 6.0.2092 and below | Microsoft Windows | English |
Solution
Product | Affected version(s) | Platform | Language(s) |
---|---|---|---|
All Versions Above | Version 6.0.2103 | Microsoft Windows | English |
Trend Micro has released a version to resolve this issue:
Vulnerability Details
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Renato Garreton for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro technical support for further assistance.