Release Date: January 14, 2020
CVE Vulnerability Identifiers: CVE-2019-19697
Platform: Windows
CVSS 3.0 Scores: 3.9
Severity Ratings: Low
Summary
Trend Micro Security 2019 (Consumer) is vulnerable to arbitrary code execution which could allow an attacker to tamper with protected services.
Affected versions
| Product | Affected Versions | Platform | Language(s) |
|---|---|---|---|
| Premium Security | 2019 (v15) | Microsoft Windows | English |
| Maximum Security |
2019 (v15)
|
Microsoft Windows | English |
| Internet Security |
2019 (v15)
|
Microsoft Windows | English |
| Antivirus + Security |
2019 (v15)
|
Microsoft Windows | English |
Solution
| Product | Updated Build | Platform | Language(s) |
|---|---|---|---|
| All Versions Above | 2020 (v16) | Microsoft Windows | English |
Trend Micro has addressed these vulnerabilities in the latest version of the product, Trend Micro Security 2020 (v16), which can be obtained here.
Vulnerability Details
Trend Micro Security 2020(Consumer) resolves an arbitrary code execution vulnerability in the 2019 (v15) version of the product which could allow an attacker gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.
Please note than an attacker must already have administrator privileges on the machine to exploit this vulnerability.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- John Page (aka hyp3rlinx) of ApparitionSec
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.