INSUBCONTINENT EXCLUSIVE:
SafeBreach Labs has published three major vulnerability disclosures which concern three popular and widely-used software products.The first
deals with Trend Micro's antivirus product Trend Micro Security 16, the second concerns Kaspersky's VPN product Kaspersky Secure Connection
and the third involves the Autodesk Desktop Application.SafeBreach discovered that all of these products contain security flaws which can
lead to privilege escalation and persistence by loading an arbitrary unsigned DLL into a service that runs as NT Authority/System.This is
exactly the same type of flaw that the firm disclosed in BitDefender Antivirus Free 2020 back in September.SafeBreach's team has written
“proof of concept” code to demonstrate how they were able to compile a replacement DLL file and set it to load instead of the legitimate
one for Trend Micro Security 16, Kaspersky Secure Connection and Autodesk.The firm's replacement DLL files lead to privilege escalation
through code execution at the highest authority level since none of the three products have any kind of DLL validation procedure in place
To make matters worse, these security products are typically set to auto-launch when a user turns on their system which means that any
malicious payloads will also be persistent.SafeBreach reported the vulnerabilities to the software vendors in July and all three companies
confirmed them within a few weeks
Trend Micro published a security advisory first on November 25 for CVE-2019-15628 and this was followed by Autodesk releasing a security
advisory of its own a day later for CVE-2019-7365
Kaspersky provided regular status updates for its customers concerning the CVE-2019-15689 vulnerability.Trend Micro has patched the problem
already with the release of version 16.0.1227 of Trend Micro Security 2016 and users running any version below 16.0.1221 should update their
Kaspersky and Autodesk are also working on patches and users should patch their software when these fixes become available.Via TechNadu
