Product

Affected Version(s)

Platform

Language(s)

IM Security

Version 1.6.5

Windows

English

Control Manager

Version 7.0

Windows

English

OfficeScan

Windows

English

Endpoint Sensor

Version 1.6

Windows

English

Trend Micro Security
(Consumer)

All 2019 Versions

Windows

English

ScanMail for Microsoft Exchange

Version 14.0

Windows

English

ServerProtect

Windows/Netware (5.8), EMC (5.8), and Storage (6.0)

Windows

English

Mobile Security (Enterprise)

Version 9.8

Windows

English

SECURITY BULLETIN: Installer Vulnerability in Multiple Trend Micro Products

Product / Version includes:

Mobile Security For Enterprise9.8 , OfficeScanXG , ServerProtect for Microsoft Windows/Novell NetWare5.8 , Control Manager7.0 , ScanMail for Exchange14.0 , Instant Messaging SecurityAll

Last updated: 2024/03/18

Solution ID: KA-0009669

Category: Install , Upgrade , Update

Summary

Release Date: February 19, 2020
CVE Identifier(s): CVE-2019-14688
Platform(s): Windows
Severity Rating(s): Medium

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation.

Affected Products(s)

Product	Affected Version(s)	Platform	Language(s)
IM Security	Version 1.6.5	Windows	English
Control Manager	Version 7.0	Windows	English
OfficeScan	XG	Windows	English
Endpoint Sensor	Version 1.6	Windows	English
Trend Micro Security (Consumer)	All 2019 Versions	Windows	English
ScanMail for Microsoft Exchange	Version 14.0	Windows	English
ServerProtect	Windows/Netware (5.8), EMC (5.8), and Storage (6.0)	Windows	English
Mobile Security (Enterprise)	Version 9.8	Windows	English

Solution

The installers for all the affected products listed above have been repacked and replaced on Trend Micro's Download Center. Customers are encouraged to always ensure they have a copy of the latest installer before deploying a new machine.

Vulnerability Details

CVE-2019-14688: The repacked installers for the affected products resolve a potential DLL hijack vulnerability in a specific installer component of several Trend Micro product installers.

Please note: the vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.

Already existing or completed installations are not affected by this vulnerability and no additional remediation is required.

Customers are encouraged to ensure that a fresh installer obtained from a trusted source is always used before any new installations or deployments.

Due to the seriousness of this or any vulnerabilities, customers are highly encouraged to ensure they have the latest version of the installer before deploying a new installation.

Mitigating Factors

Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.

However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers:

Honc (章哲瑜)

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

SECURITY BULLETIN: Installer Vulnerability in Multiple Trend Micro Products

SECURITY BULLETIN: Installer Vulnerability in Multiple Trend Micro Products

Product / Version includes:

Summary