SafeBreach discloses major vulnerabilities in popular software

DLL loading vulnerabilities discovered in software from Trend Micro, Kaspersky and Autodesk

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

SafeBreach Labshas published three major vulnerability disclosures which concern three popular and widely-used software products.

The first deals with Trend Micro’santivirusproduct Trend Micro Security 16, the second concerns Kaspersky’sVPNproduct Kaspersky Secure Connection and the third involves the Autodesk Desktop Application.

SafeBreach discovered that all of these products contain security flaws which can lead to privilege escalation and persistence by loading an arbitraryunsigned DLLinto a service that runs as NT Authority/System.

This is exactly the same type of flaw that the firm disclosed inBitDefender Antivirus Free 2020back in September.

Unsigned DLL

SafeBreach’s team has written “proof of concept” code to demonstrate how they were able to compile a replacement DLL file and set it to load instead of the legitimate one for Trend Micro Security 16, Kaspersky Secure Connection and Autodesk.

The firm’s replacement DLL files lead toprivilege escalationthrough code execution at the highest authority level since none of the three products have any kind of DLL validation procedure in place. To make matters worse, these security products are typically set to auto-launch when a user turns on their system which means that any malicious payloads will also be persistent.

SafeBreach reported the vulnerabilities to the software vendors in July and all three companies confirmed them within a few weeks. Trend Micro published a security advisory first on November 25 for CVE-2019-15628 and this was followed by Autodesk releasing a security advisory of its own a day later for CVE-2019-7365. Kaspersky provided regular status updates for its customers concerning the CVE-2019-15689 vulnerability.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Trend Micro has patched the problem already with the release of version 16.0.1227 of Trend Micro Security 2016 and users running any version below 16.0.1221 should update their software immediately. Kaspersky and Autodesk are also working on patches and users should patch their software when these fixes become available.

ViaTechNadu

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set