SECURITY BULLETIN: Denial of Service (DoS) Vulnerability in Trend Micro Security 2019 (Consumer)

  • Solution ID:1124056
  • Last Updated:Feb. 07, 2020 8:52 PM (PST)
  • Applies to:Antivirus+ Security - 2019;Internet Security - 2019;Maximum Security - 2019;Premium Security - 2019;

Release Date: Feb. 7, 2020

CVE Vulnerability Identifiers: CVE-2019-19694

Other Reference Identifier: JPCERT JVN#02921757

Platform: Windows

CVSSv3 Scores:5.5

Severity Ratings: Medium


Summary

The Trend Micro Security 2019 consumer family of products is vulnerable to a denial of service (DoS) attack that could disable the malware and security protection on an affected machine. 


Affected Versions
ProductAffected VersionsPlatformLanguage(s)
Premium Security 2019 (15.0.0.1163 and below) Windows English
Maximum Security 2019 (15.0.0.1163 and below) Windows English
Internet Security 2019 (15.0.0.1163 and below) Windows English
Antivirus + Security 2019 (15.0.0.1163 and below) Windows English

Solution
ProductUpdated VersionPlatformLanguage
All versions of Trend Micro Security above 2020 (v16) Windows English


Trend Micro has confirmed that the latest version of Trend Micro Security (2020 version 16) is not affected by this vulnerability and recommends that customers currently running any of the Trend Micro Security 2019 (v15) products listed above upgrade to the latest 2020 (v16) version to resolve the issue and benefit from the latest protection. It is recommended that customers upgrade to the latest version to ensure the latest protection. Customers may obtain the latest version here


Vulnerability Details

The Trend Micro Security 2019 consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.


Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

  • BlackWingCat via JPCERT

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.