Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-28929: Security Bulletin: Trend Micro Security DLL Hijacking

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

CVE
Open in Source
#vulnerability#windows#microsoft

LAST UPDATED: MAY 16, 2023

Release Date: March 28, 2023

CVE Vulnerability Identifier: CVE-2023-28929

Platform(s): Microsoft Windows

CVSS: 3.1

Scores: 8.6: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity Rating: Medium

Summary

Trend Micro has released an update via ActiveUpdate for the Trend Micro Security for Windows family of consumer products (2021,2022, and 2023) which resolves a DLL hijacking vulnerability.

Affected version(s)

PRODUCT

AFFECTED VERSION(S)

PLATFORM

LANGUAGE(S)

Trend Micro Security

2022/2023 (17.7.1476 and below)

Microsoft Windows

English

Trend Micro Security

2021 (17.0.1412 and below)

Microsoft Windows

English

Solution

Trend Micro has released an update via ActiveUpdate for each version below that resolves the issue.

PRODUCT

APPLICABLE VERSION(S)

PLATFORM

LANGUAGE(S)

Trend Micro Security

2022/2023 (17.7.1634 and below)

Microsoft Windows

English

Trend Micro Security

2021 (17.0.1426 and below)

Microsoft Windows

English

Vulnerability Details

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

  • Nippon Telegraph and Telephone Corporation, NTT Security (Japan) KK, NTT DATA Corporation
    • Rintaro Fujita
    • Hiroki Hada
    • Hiroki Mashiko

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

How helpful was this article?

  • It wasn’t helpful at all.

  • Somewhat helpful.

  • Just okay.

  • It was somewhat helpful.

  • It was helpful.

  • *Feedback submitted will only be used as reference for future product, service and article improvements.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE