Jump to content

Bitdefender and Trend Micro security software patched after multiple critical vulnerabilities exposed


Recommended Posts

  • Author

Bitdefender and Trend Micro security software patched after multiple critical vulnerabilities exposed

Bitdefender and Trend Micro security software patched after multiple critical vulnerabilities exposed

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==

In the past ten days, Trend Micro and Bitdefender have released blog posts urging customers to update their security software due to Local Privilege Escalation and Man-In-The-Middle (MITM) vulnerabilities, respectively [h/t Heise]. There are six related CVEs listed on their sites, five relating to Bitdefender Total Security and one for Trend Micro Deep Security Agent, and all advise updating to more recent releases. Bitdefender Total Security users are advised to be on product version 27.025.115 or newer, attainable through auto-update, and Trend Micro Deep Security Agent users are advised to update to or download product version 20.0.1-17380.

Of the two companies, Bitdefender seems to have had to patch more vulnerabilities than Trend Micro, though all five are targeted at MITM vulnerabilities in some way. Man In The Middle vulnerabilities allow for the interception and alteration of communications between users and given sites, allowing false pages and certificates to appear legitimate.

Bitdefender’s HTTPS scanning functionality was failing to verify certificates across five key scenarios properly: certificates lacking “Server Authentication” specs in Extended Key Usage extensions, incorrect checks of site certificates using MD5 and SHA1 collision hash functions, trust of unauthorized entities who exploit the “Basic Constraints” certificate extension, and improper trust of both certificates using the DSA signature algorithm and self-signed certificates, in general.

That said, Local Privilege Escalation is also quite a major cybersecurity issue, even if Trend Micro is addressing just one relevant vulnerability. Local Privilege Escalation refers to standard users gaining admin or system-level access, and Trend Micro’s gap came about as a result of insufficient authentication controls, which doesn’t sound like a great issue for software called Deep Security Agent.

Fortunately, the related issues have already been addressed in their respective software updates and these problems shouldn’t impact Bitdefender or Trend Micro customers anymore. However, it is noteworthy that, unlike many cyberattacks which find other vectors of infection, these vulnerabilities were all found within existing security software installed specifically on systems trying to avoid attacks like these. Sometimes, less is more — though of course, the applicability of that mentality can vary greatly depending on your industry.



Source link

#Bitdefender #Trend #Micro #security #software #patched #multiple #critical #vulnerabilities #exposed

📬Pelican News

Source Link

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

Cookie Consent & Terms We use cookies to enhance your experience on our site. By continuing to browse our website, you agree to our use of cookies as outlined in our We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.. Please review our Terms of Use, Privacy Policy, and Guidelines for more information.