Trend Micro AV gave any website command-line access to Windows PCs - Microsoft Windows OS forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

Trend Micro AV gave any website command-line access to Windows PCs

Patch available. Update NOW

tangor

10:19 am on Jan 12, 2016 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

PCs running Trend Micro's Antivirus on Windows can be hijacked, infected with malware, or wiped clean by any website, thanks to a vulnerability in the security software.

The design blunders were discovered by Google Project Zero bod Tavis Ormandy. A patch is now available to address the remote-code execution flaw, so Trend Micro users should update their software as soon as possible.

[theregister.co.uk...]

Andy Langton

9:14 pm on Jan 12, 2016 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

That exploit is absolutely insane. Also includes the ability to grab all browser passwords, which is pretty shocking for a secure password manager!

bill

5:21 am on Jan 14, 2016 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

If you'd like a good laugh, here's the Google thread of the original incident [code.google.com...]