Release Date: November 22, 2019
Platform: Windows OS
Trend Micro has released a new version of the Trend Micro RescueDisk Tool (Rescuedisk.exe) that updates a 3rd party component that is affected by a known vulnerability.
Trend Micro RescueDisk Tool version 220.127.116.111 is the minimum version that addresses this issue.
Trend Micro has released a new build of the tool to resolve this issue:
|Trend Micro RescueDisk Tool||RescueDisk version 18.104.22.1681 with 7zSfx version 19.00||Windows OS|
The latest version of Trend Micro RescueDisk (22.214.171.1241) updates an older 3rd party component (7zSfx) version that is vulnerable to a search order load flaw remote code execution vulnerability (reference: CVE-2016-7804).
Trend Micro has received no reports nor is aware of any actual attacks against the affected tool related to this vulnerability at this time.
Trend Micro would like to thank John Page aka hyp3rlinx (http://hyp3rlinx.altervista.org/) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Customers who have questions are encouraged to contact Trend Micro technical support for further assistance.