Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0150 Trend Micro Mobile Security (Enterprise) 18 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Trend Micro Mobile Security (Enterprise) Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Remote/Unauthenticated Administrator Compromise -- Existing Account Modify Arbitrary Files -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-14081 CVE-2017-14080 CVE-2017-14079 CVE-2017-14078 Member content until: Wednesday, October 18 2017 Reference: https://success.trendmicro.com/solution/1118224 OVERVIEW Multiple vulnerabilities have been identified in Trend Micro Mobile Security (ENT) prior to version 9.7 Patch 3 [1] IMPACT Trend Micro have provided the following details regarding the vunlnerabilities: "Release Date: September 13, 2017 CVE Identifier(s): CVE-2017-14078, 14079, 14080, 14081 CVSS 2.0 Score(s): 6.5 - 10 Severity Rating(s): Medium & High Trend Micro has released a new patch for Trend Micro Mobile Security (Enterprise) 9.7. This patch resolves multiple vulnerabilities related to potential unrestricted file uploads, authentication bypass, SQL injections, and proxy command injections. CVE ZDI Case(s) CVE-2017-14078 ZDI-17-739 -- 810 (excluding 752, 767, 774, 785, 789) CVE-2017-14079 ZDI-17-785, 789, 790, 807 CVE-2017-14080 ZDI-17-767 CVE-2017-14081 ZDI-17-752, 774 Acknowledgement Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers: Steven Seeley (mr_me) of Offensive Security & Roberto Suggi Liverani (@malerisch) working with Trend Micro's Zero Day Initiative Steven Seeley (mr_me) of Offensive Security working with Trend Micro's Zero Day Initiative" [1] MITIGATION Trend Micro has provided an update to address these security issues. [1] REFERENCES [1] SECURITY BULLETIN: Trend Micro Mobile Security (Enterprise) Multiple Vulnerabilities https://success.trendmicro.com/solution/1118224 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWb9R3Yx+lLeg9Ub1AQiSJw//VWCurdPd9q2EXZEavhrwF8gA9uFJW3ZQ 5H5VDBa3R6dzZ/vTA6dRP+yhL5ioDFlEOaZl/X8yFgzm0L4saJClqXgRnf2yo+HE Q24iuCfd5ZeLWg7M+W+9GF6rS9hGinVgvJVudEy1XRBRoz+DuF+De9n3ei8V4IC+ qYLYd0lnvjht2gAa7Oriw7bYb2nW2F6KH8hEDNevCH5M48T2PnPMc+5sE3KSj6Z2 qVEKToYIYzelRo3ZG1x5v3tDzcFEY6NCzz2G6QOetKm3HB/WDS2Quz9wgEt++g7I VhJBVOjevwFphchroNJyOREv9HDSoajUUlG+VBM99tjCW5/UCN5cN77HJdHW/hRx Os6vneDqKsANWxMu03ShJwyRaIaMDOLdPSIFO8jXn2cYy+ZedovCykOdEXs2xd9H m7DtMtN5UpwlPIhlfqFzD2ZmdxrqVuFLBtWKZxyqe2RrlOe2u8jYVpTnxq5Bxm9K xhW4f2YSB/hEm1g4s76NvHzB8YZE3CbO8wBtprUk94axwnSzsP0fBLmYKw6L0t1B UcfYOXhUgJ+acmZQdkUM/K8v3PmK9hoibJPLQsOH9BE1d7xmPrpj4QI5v2+CBe5D 5ZFQBRGIAPyDZ40cn2Izfq8S2Lc1m+8k83AMMgXisCugMaHeKA8ZU6OtzHQ5Xvi9 dgY98GS4d/Y= =Og3V -----END PGP SIGNATURE-----