Solution
Vulnerability Details
Trend Micro has released an update to resolve this issue and customers should receive the update automatically as long as they are connected to the Internet.
| Product Versions | Update Build | Platform |
|---|---|---|
| All 2016 Trend Micro Security Products (version 10) | 10.0.1288 | Windows OS |
This update resolves a vulnerability in one of Trend Micro Security Network Content Inspection drivers. When an attacker triggers a null pointer dereference it would produce a driver fault and BSOD. The resulting exceptions can be used to elevate privileges or leak the kernel debugging information. Such information will be valuable in planning subsequent attacks.
Trend Micro has not received any reports and is not aware of any actual attacks against the affected products related to the Kernel Driver Null Pointer Deference vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank the following individuals for responsibly reporting this issue and working with Trend Micro to help protect our customers:
- Enrique Elias Nissim
- Jaanus Kp of Clarified Security working with Trend Micro's Zero Day Initiative
- @bee13oy of CloverSec Labs working with Trend Micro's Zero Day Initiative
- Kasif Dekel & Gal Elbaz of Check PointSecurity Research Team
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
