SECURITY BULLETIN: Denial of Service (DoS) Vulnerability in Trend Micro Security 2019 (Consumer)
Release Date: Feb. 7, 2020
CVE Vulnerability Identifiers: CVE-2019-19694
Other Reference Identifier: JPCERT JVN#02921757
Severity Ratings: Medium
The Trend Micro Security 2019 consumer family of products is vulnerable to a denial of service (DoS) attack that could disable the malware and security protection on an affected machine.
|Premium Security||2019 (184.108.40.2063 and below)||Windows||English|
|Maximum Security||2019 (220.127.116.113 and below)||Windows||English|
|Internet Security||2019 (18.104.22.1683 and below)||Windows||English|
|Antivirus + Security||2019 (22.214.171.1243 and below)||Windows||English|
|All versions of Trend Micro Security above||2020 (v16)||Windows||English|
Trend Micro has confirmed that the latest version of Trend Micro Security (2020 version 16) is not affected by this vulnerability and recommends that customers currently running any of the Trend Micro Security 2019 (v15) products listed above upgrade to the latest 2020 (v16) version to resolve the issue and benefit from the latest protection. It is recommended that customers upgrade to the latest version to ensure the latest protection. Customers may obtain the latest version here.
The Trend Micro Security 2019 consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- BlackWingCat via JPCERT
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.