SECURITY BULLETIN: Trend Micro Security 2019 (Consumer) Arbitrary Code Execution Vulnerability

  • Solution ID:1124090
  • Last Updated:Jan. 14, 2020 5:25 PM (PST)
  • Applies to:Antivirus+ Security - 2019;Internet Security - 2019;Maximum Security - 2019;Premium Security - 2019;

Release Date: January 14, 2020

CVE Vulnerability Identifiers: CVE-2019-19697

Platform: Windows

CVSS 3.0 Scores: 3.9

Severity Ratings: Low


Summary

Trend Micro Security 2019 (Consumer) is vulnerable to arbitrary code execution which could allow an attacker to tamper with protected services.

Affected versions
ProductAffected VersionsPlatformLanguage(s)
Premium Security 2019 (v15) Microsoft Windows English
Maximum Security
2019 (v15)
Microsoft Windows English
Internet Security
2019 (v15)
Microsoft Windows English
Antivirus + Security
2019 (v15)
Microsoft Windows English

 

Solution
ProductUpdated BuildPlatformLanguage(s)
All Versions Above 2020 (v16) Microsoft Windows English


Trend Micro has addressed these vulnerabilities in the latest version of the product, Trend Micro Security 2020 (v16), which can be obtained here.


Vulnerability Details

Trend Micro Security 2020(Consumer) resolves an arbitrary code execution vulnerability in the 2019 (v15) version of the product which could allow an attacker gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.

Please note than an attacker must already have administrator privileges on the machine to exploit this vulnerability.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.


Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:


Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.