SECURITY BULLETIN: Trend Micro Security 2019 (Consumer) Arbitrary Code Execution Vulnerability
Release Date: January 14, 2020
CVE Vulnerability Identifiers: CVE-2019-19697
CVSS 3.0 Scores: 3.9
Severity Ratings: Low
Trend Micro Security 2019 (Consumer) is vulnerable to arbitrary code execution which could allow an attacker to tamper with protected services.
|Premium Security||2019 (v15)||Microsoft Windows||English|
|Antivirus + Security||
|All Versions Above||2020 (v16)||Microsoft Windows||English|
Trend Micro has addressed these vulnerabilities in the latest version of the product, Trend Micro Security 2020 (v16), which can be obtained here.
Trend Micro Security 2020(Consumer) resolves an arbitrary code execution vulnerability in the 2019 (v15) version of the product which could allow an attacker gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.
Please note than an attacker must already have administrator privileges on the machine to exploit this vulnerability.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- John Page (aka hyp3rlinx) of ApparitionSec
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.