Vulnerability Confirmation - DataArmor and DriveArmor Pre Boot Environment

Solution ID: 1060043
Last Updated: Jan. 20, 2012 5:26 PM (PST)


Product / Version: Mobile Armor DataArmor Full Disk Encryption - 3.0
Platform: Windows - 7 32-bit, 7 64-bit, Vista 32-bit, Vista 64-bit, XP Professional

Problem Description

A security update has been issued for Trend Micro DataArmor which resolves a privately disclosed, local vulnerability. This vulnerability in the DataArmor pre-boot environment could allow an attacker with local access to the laptop to escalate the privileges of an existing user account with established credentials on the device. Once the user's privileges are escalated, the user could then potentially gain access to the DataArmor Recovery Console.

As the pre-boot operating system of DriveArmor is very similar to that of DataArmor, we verified that this potential vulnerability is present in DriveArmor as well and implemented a similar fix.

Solution

Products Affected:
All versions of DataArmor and DriveArmor

 

Background and Impact:
Successful exploitation of this vulnerability could allow an attacker to modify limited cached data related to user authentication and gain access to the DataArmor recovery console.

 

Important Note

 

  • Any unauthorized changes made due to this vulnerability would be overwritten the next time a device receives a policy update from the PolicyServer.
  • To exploit this vulnerability, an individual would need local access to a machine and a valid user name and password for the device.

 

Affected Versions
• DataArmor 3.0.10 or greater
• DriveArmor 3.0.0 or greater

 

Solution:
To address this vulnerability, Trend Micro has developed and tested new installers for DataArmor and DriveArmor and an update patch for DataArmor. These product updates and new installers will be made available to all active clients regardless of support or maintenance end dates.

 

DataArmor

 

  • New Installers - new DataArmor SP7g x86 and x64 installs are delivered in build 3.0.12.861, available for download effective January 20, 2012.
  • Upgrades
    • The only supported upgrade path for the DataArmor SP7g update is via SMS (or other push method) or by manually running the executable locally on a client PC.
    • A reboot is required after application of the update to restart the Mobile Sentinel service.
  • x86 DataArmor Patch - the DataArmor SP7g x86 update is available for download effective January 20, 2012.
  • x64 DataArmor Patch - the DataArmor SP7g x64 update patch is currently in development and scheduled for release by Friday, January 27, 2012.

 

DriveArmor

 

  • New DriveArmor x86/x64 installs are delivered in build 3.0.0.439, available for download effective January 20, 2012.
  • The DriveArmor upgrade process is to uninstall and reinstall the product.
    • This process can be scripted and pushed or executed manually.

 

References:
This vulnerability was reported to Trend Micro by Stuart Passé from NGS Secure.

Downloading the New Trend Micro Endpoint Encryption Software
All Trend Micro Endpoint Encryption software download requests must be logged for tracking purposes as this technology is export-controlled by the US Government.
Pre-established customer-approved technical contacts will be sent an email on 20 January 2012 with a secure download link for the new software.
All other customers may request the new Trend Micro Endpoint Encryption software by selecting from the appropriate link below and opening a service request:

