Researchers from the security firm SafeBreach Labs recently disclosed multiple security vulnerabilities in Autodesk, Trend Micro, and Kaspersky software. The company published three separate security advisories describing the issues, which it reported to the vendors before public release.
According to SafeBreach Labs, the first vulnerability, tracked as CVE-2019-15628, affects software components of Trend Micro Maximum Security version 16.0.1221 and below.
The researchers stated that the lack of safe DLL loading means that attackers can exploit the bug to load unsigned DLLs.
Once exploited, the vulnerability can lead to application whitelisting bypass, evasion of cybersecurity protections, and potentially privilege escalation, the researchers stated.
“The vulnerability gives attackers the ability to load and execute malicious payloads in a persistent way, each time the service is loaded. That means that once the attacker drops a malicious DLL in a vulnerable path, the service will load the malicious code each time it is restarted,” SafeBreach Labs said in a statement.
The second security bug, tracked as CVE-2019-15689 and discovered at the same time, affects Kaspersky Secure Connection. This vulnerability is said to be exploitable only if an attacker already has administrator privileges.
According to the researchers, attackers can exploit this vulnerability during a post-exploitation phase to achieve signed code execution, persistence, and defense evasion.
“The vulnerability gives an attacker the ability to load and execute malicious payloads in a persistent way, each time the service is loaded. That means that once the attacker drops a malicious DLL, the service will load the malicious code each time it is restarted,” SafeBreach Labs stated.
The final vulnerability, tracked as CVE-2019-7365, was discovered in the Autodesk desktop application service, AdAppMgrSvc.exe.
“After an attacker gains access to a computer, he might have limited privileges which can limit access to certain files and data,” the researchers said. “The service provides him with the ability to operate as NT AUTHORITY\SYSTEM which is the most powerful user in Windows, so he can access almost every file and process which belongs to the user on the computer.”
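The behaviour the three advisories describe, a service running as NT AUTHORITY\SYSTEM loading an untrusted DLL again on every restart, can be hunted for in image-load telemetry. The following is an added example, not code from SafeBreach Labs or the vendors: it assumes records that use Sysmon Event ID 7 field names, and every product name, path and GUID in the sample data is constructed. Treating only the service's own directory and System32 as expected load locations is also an assumption of this sketch.

```python
import ntpath
from collections import defaultdict

SYSTEM = r"NT AUTHORITY\SYSTEM"
SYSTEM_DIRS = {ntpath.normcase(r"C:\Windows\System32")}
FIELDS = ("ProcessGuid", "User", "Image", "ImageLoaded", "Signed", "SignatureStatus")

# Constructed sample records using Sysmon Event ID 7 (image loaded) field names.
# All product names, paths and GUIDs below are made up for illustration.
AV = r"C:\Program Files\ExampleAV\avsvc.exe"
UPD = r"C:\Program Files\ExampleCAD\updsvc.exe"
ROWS = [
    ("guid-1", SYSTEM, AV, r"C:\Program Files\ExampleAV\engine.dll", "true", "Valid"),
    ("guid-1", SYSTEM, AV, r"C:\Tools\bin\helper.dll", "false", "Unavailable"),
    ("guid-1", SYSTEM, AV, r"C:\Windows\System32\version.dll", "true", "Valid"),
    # Same service after a restart (new ProcessGuid) loads the same DLL again.
    ("guid-2", SYSTEM, AV, r"C:\Tools\bin\helper.dll", "false", "Unavailable"),
    ("guid-3", SYSTEM, UPD, r"C:\ProgramData\cache\plugin.dll", "true", "Valid"),
    ("guid-4", r"DESKTOP\alice", r"C:\Apps\editor.exe", r"C:\Apps\x.dll", "false", "Unavailable"),
]
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]

def is_suspicious(ev):
    """Return a reason if a SYSTEM process loaded an untrusted DLL, else None."""
    if ev["User"].lower() != SYSTEM.lower():
        return None  # this hunt only covers SYSTEM services
    if ev["Signed"].lower() != "true" or ev["SignatureStatus"] != "Valid":
        return "unsigned"
    dll_dir = ntpath.normcase(ntpath.dirname(ev["ImageLoaded"]))
    app_dir = ntpath.normcase(ntpath.dirname(ev["Image"]))
    if dll_dir != app_dir and dll_dir not in SYSTEM_DIRS:
        return "unexpected-path"  # signed, but loaded from outside expected dirs
    return None

def find_persistent_loads(events):
    """Group suspicious loads by (service, DLL) and count distinct process starts."""
    hits = defaultdict(lambda: {"reason": None, "starts": set()})
    for ev in events:
        reason = is_suspicious(ev)
        if reason:
            hit = hits[(ev["Image"], ev["ImageLoaded"])]
            hit["reason"] = reason
            hit["starts"].add(ev["ProcessGuid"])
    return sorted((img, dll, h["reason"], len(h["starts"]))
                  for (img, dll), h in hits.items())

if __name__ == "__main__":
    for finding in find_persistent_loads(EVENTS):
        print(finding)
```

A start count above one for the same service and DLL pair is the persistence signal: the module came back after the service restarted.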
SafeBreach Labs reported the vulnerabilities to the relevant contacts at Trend Micro, Kaspersky, and Autodesk. Kaspersky stated that it has fixed the security issue found in Kaspersky Secure Connection, and Trend Micro has also issued a patch to fix the vulnerability.