News

Vulnerability in Trend Micro Password Manager endangers Windows users

SafeBreach researchers found a vulnerability in the Trend Micro Password Manager.

Using this security issue, an attacker can strengthen his presence in an attacked Windows system.

The attack vector exists due to the fact that the Trend Micro Password Manager Central Control Service (PwmSvc.exe file) is launched with the rights of the most privileged Windows account – NT Authority\System.

“This service can be used to elevate privileges from the user level to the system level. This is an extremely useful loophole for a potential attacker”, — writes Peleg Hadar, security researcher at SafeBreach Labs.

The Trend Micro Password Manager Central Control Service gives an attacker the ability to work on a victim’s computer as NT Authority\System, which is the most powerful user on Windows, so he can gain access to almost all possible files and processes.

Read also: Researchers introduced a system for assessing the probability of exploiting vulnerabilities in real attacks

The situation is aggravated by the fact that executable service file is signed by Trend Micro.

In other words, if an attacker executes the code inside this process, he will bypass the security solutions, as Trend Micro signature is in the “white lists”.

“The vulnerability gives attackers the ability to load and execute malicious payloads using a signed service. An attacker can abuse this vulnerability for different purposes such as execution and evasion, for example: Application Whitelisting Bypass”, — reports SafeBreach researcher.

Khadar also draws attention to: Trend Micro Password Manager Central Control Service starts automatically when Windows starts, therefore, this mechanism can be used to execute malicious code when loading the operating system itself.

Reference:

Trend Micro Password Manager is a standalone software which is also deployed along with the Trend Micro Maximum Security product. The purpose of the software is to manage website passwords and login IDs in one secure location.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-bfopeci.info Pop-up Ads

About News-bfopeci.info News-bfopeci.info pop-ups can not open out of nowhere. If you have clicked on…

5 hours ago

Remove News-bfugaho.info Pop-up Ads

About News-bfugaho.info News-bfugaho.info pop-ups can not introduce out of the blue. If you have clicked…

5 hours ago

Remove News-bganise.info Pop-up Ads

About News-bganise.info News-bganise.info pop-ups can not launch out of the blue. If you have actually…

5 hours ago

Remove News-xhijupa.com Pop-up Ads

About News-xhijupa.com News-xhijupa.com pop-ups can not introduce out of the blue. If you have clicked…

5 hours ago

Remove News-xnicini.cc Pop-up Ads

About News-xnicini.cc News-xnicini.cc pop-ups can not open out of the blue. If you have clicked…

5 hours ago

Remove News-xpafema.cc Pop-up Ads

About News-xpafema.cc News-xpafema.cc pop-ups can not launch out of nowhere. If you have clicked on…

5 hours ago