Tuesday, July 14, 06:54

DLL vulnerabilities in Autodesk, Trend Micro and Kaspersky

Researchers have uncovered a set of DLL vulnerabilities in Autodesk, Trend Micro and Kaspersky programs.

On Monday, SafeBreach Labs published three security advisories describing the bugs, which were privately reported to the vendors prior to publication.

The first vulnerability, tracked as CVE-2019-15628, affects Trend Micro Maximum Security version 16.0.1221 and below. One of the software's components, the Trend Micro Solution Platform service, coreServiceShell.exe, runs as NT AUTHORITY\SYSTEM with high-level permissions, and it was this executable that the researchers focused on.

Once coreServiceShell.exe runs, a library, paCoreProductAdaptor.dll, is loaded. However, a DLL was missing, and the lack of safe DLL loading and of signature validation meant that attackers could exploit this security hole by loading arbitrary DLLs.

The ability to load and execute arbitrary DLL files within highly privileged, signed software could lead to application controls being bypassed, evasion of cybersecurity protections and possibly privilege escalation, the researchers say.

"The vulnerability enables attackers to continuously load and execute malicious payloads each time the service is loaded," SafeBreach Labs says. "This means that as soon as the attacker leaves a malicious DLL on a vulnerable path, the service will load malicious code every time it starts again."

The second vulnerability disclosed affects Kaspersky Secure Connection, a virtual private network (VPN) client developed with Kaspersky Internet Security solutions to establish a secure connection to the vendor's servers.

Tracked as CVE-2019-15689, this bug can only be exploited if an attacker has already secured administrator permissions on software versions below 4.0.

The Kaspersky Secure Connection service also runs as NT AUTHORITY\SYSTEM and, in the same way as the Trend Micro problem described above, Kaspersky Secure Connection 3.0.0 (KSDE) searches for missing DLLs, opening a path for abuse through an uncontrolled search path and the absence of signature validation.

Potentially suitable as part of a post-exploitation chain, the vulnerability allows an arbitrary DLL to be loaded by software that is signed by AO Kaspersky Lab and runs at high permission levels.

The final vulnerability, CVE-2019-7365, was discovered in the Autodesk desktop application. The desktop app service, AdAppMgrSvc.exe, is associated with Autodesk software from 2017 to date and runs as NT AUTHORITY\SYSTEM. A missing DLL called from a companion library also allowed arbitrary DLL files to be loaded. In addition, there is no digital certificate validation, so unsigned DLLs can be executed.

"Once an attacker accesses a computer, it may have limited privileges that can restrict access to certain files and data," the researchers said. "Its service enables it to function as NT AUTHORITY\SYSTEM, which is the most powerful user in Windows, so that it has access to almost every file and process that belongs to the user on the computer."
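The pattern shared by all three bugs, a SYSTEM service probing an uncontrolled search path for a DLL that is not there, can be audited from the defender's side. The following is an added example, not code from SafeBreach Labs or any of the vendors: it models the default Windows DLL search order in simplified form and reports which directories writable by non-administrators would be probed before a DLL is resolved. The service path, DLL names and writable directory are constructed assumptions.

```python
import ntpath

def norm(p):
    # Windows paths are case-insensitive; ntpath works on any OS.
    return ntpath.normcase(ntpath.normpath(p))

def search_order(app_dir, cwd, path_env, windir=r"C:\Windows"):
    """Default desktop DLL search order with SafeDllSearchMode enabled.
    Simplified assumption: KnownDLLs, manifests and redirection are ignored."""
    dirs = [app_dir, ntpath.join(windir, "System32"), ntpath.join(windir, "System"),
            windir, cwd] + [p for p in path_env.split(";") if p]
    ordered = []
    for d in map(norm, dirs):
        if d not in ordered:
            ordered.append(d)
    return ordered

def audit(dll_names, order, existing_files, user_writable_dirs):
    """Map each DLL to the non-admin-writable directories the loader probes
    before it finds the file (all of them if the DLL is missing)."""
    existing = {norm(f) for f in existing_files}
    writable = {norm(d) for d in user_writable_dirs}
    findings = {}
    for dll in dll_names:
        exposed = []
        for d in order:
            if norm(ntpath.join(d, dll)) in existing:
                break  # resolved here; later directories are never probed
            if d in writable:
                exposed.append(d)
        if exposed:
            findings[dll] = exposed
    return findings

# Constructed sample data for a hypothetical SYSTEM service (not from the advisories).
APP_DIR = r"C:\Program Files\ExampleVendor\Agent"
PATH_ENV = r"C:\Windows\System32;C:\Tools\bin"
EXISTING = [r"C:\Windows\System32\kernel32.dll", APP_DIR + r"\core.dll"]
WRITABLE = [r"C:\Tools\bin"]  # assumed: ACL grants write access to non-admins

def demo():
    order = search_order(APP_DIR, r"C:\Windows\System32", PATH_ENV)
    return audit(["kernel32.dll", "core.dll", "helper.dll"], order, EXISTING, WRITABLE)

if __name__ == "__main__":
    print(demo())  # only the missing helper.dll is reported
```

A finding is cleared either by tightening the ACL on the reported directory or by the service loading the DLL from a fully qualified path and validating its signature, the two gaps the advisories describe.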

The vulnerabilities were reported to Trend Micro, Kaspersky and Autodesk in July, and the security flaws were confirmed in the same month or in August.

Update 15.49 GMT: A Trend Micro spokesman said: “Trend Micro has released an updated code version for these vulnerabilities that is currently available through the product's ActiveUpdate automatic function for all related products.”

Trend Micro asked for time beyond the usual 90-day policy and, after resolving the issue, published a security advisory on November 25. Kaspersky fixed the bug and posted a security advisory on 2 December. Autodesk has not yet published an advisory. A Kaspersky spokesman told ZDNet:

“Kaspersky has fixed a security issue identified in Kaspersky Secure Connection that could potentially allow third parties to execute arbitrary code locally. To exploit this bug, an attacker must have local administrator privileges and complete control of the computer.

This security issue was fixed by the 2020 E patch, which was delivered to users through Kaspersky's automatic update procedures. A restart is required to apply these updates.”


Teo Ehc