The issues have been repaired or resolved, but researchers say they are a worrying step forward in how attackers can manipulate trusted security systems.


SafeBreach Labs discovered three vulnerabilities that affect Trend Micro Maximum Security software, Autodesk Desktop Application software, and Kaspersky Secure Connection, a VPN client associated with Kaspersky Internet Security.

The vulnerabilities have been repaired or resolved by the companies, but SafeBreach’s lead investigator, Peleg Hadar, said they were a worrying step forward in how attackers can manipulate trusted security systems. Each was discovered in July or August and SafeBreach worked with the companies to resolve the bugs.

“They all look alike, but the TrendMicro and the AutoDesk are a bit more critical because in some situations you don’t need an administrator to activate the vulnerability,” Hadar said.

“The most critical of the three is the Trend Micro, because it allows you to execute malicious code during the antivirus process itself, so that you can actually bypass everything and just do malicious things and the antivirus will not detect it.”


Trend Micro Maximum Security is designed to protect devices against threats such as ransomware, viruses, malware, spyware and more. But Hadar's research showed that parts of the software could be manipulated and exploited because it runs as NT AUTHORITY\SYSTEM, the most privileged type of user account.

The vulnerability allows attackers to perform defense evasion, persistence and, in some cases, privilege escalation to gain access with NT AUTHORITY\SYSTEM privileges.

Because the service executable file is signed by Trend Micro, malicious code executed through it can evade detection, and the flaw can be used as an application whitelisting bypass.

“I don’t think these have been exploited. I know that a very similar vulnerability has recently been exploited. This class of vulnerability needs to be limited,” Hadar said.

This flaw was found in Trend Micro Security 16.0.1221 and every earlier version. A patched version has been released and Trend Micro issued a security advisory on November 25.

In the advisory, officials say that the vulnerability was not exploited, but “that an attacker could use a specific service as an execution and/or persistence mechanism that could run a malicious program every time the service is started.”

The problem with the Autodesk Desktop Application software also involves malicious use of NT AUTHORITY\SYSTEM. According to Hadar, the Autodesk Desktop App is installed with Microsoft Windows-based Autodesk products from 2017 onward. The software manages product updates, new releases and security patches for subscribers.

Autodesk does not seem to have issued a security advisory, but officials told SafeBreach on November 15 that they would issue an advisory report by November 26.

Hadar found the same vulnerability in Kaspersky Secure Connection. The company issued a patch on November 21 and an advisory on December 2.

“The most important fact about this is that an attacker can do things on behalf of the company that is in the software,” Hadar said. “This is the most important thing. When an attacker gains access to one of these vulnerabilities, they can work under the software shell.”

“If I am an attacker and use Kaspersky’s vulnerability, other softwares think that I will be Kaspersky as soon as I do it, so I can just mask my malicious activity because the processes are signed,” he added.
