SafeBreach Labs has disclosed three major security vulnerabilities affecting three popular and widely used software products.
The first affects Trend Micro's antivirus product Trend Micro Security 16, the second Kaspersky's VPN product Kaspersky Secure Connection, and the third the Autodesk desktop application.
SafeBreach found that all of these products have vulnerabilities that allow privilege escalation and persistence by loading an arbitrary unsigned DLL into a service running as NT AUTHORITY\SYSTEM.
This is the same kind of bug that the company disclosed in September in BitDefender Antivirus Free 2020.
The SafeBreach team wrote proof-of-concept code to demonstrate how a replacement DLL could be compiled, and found that it was loaded in place of the legitimate one for Trend Micro Security 1
The company's substitute DLLs gain code execution with elevated privileges because none of the three products has a DLL validation procedure. To make matters worse, these security products usually start automatically when a user turns on their system. This means that any malicious payload loaded this way is persistent.
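A defender can look for the symptom described above, a SYSTEM-context process loading a DLL whose signature does not validate, in image-load telemetry. The following is an added example, not code from SafeBreach or the vendors; it assumes Sysmon Event ID 7 (ImageLoad) records already exported as dictionaries with the `Image`, `ImageLoaded`, `Signed`, `SignatureStatus` and `User` fields, and the sample events, paths and function names are constructed. The `outside_install_dir` flag is an extra triage hint that goes beyond what the article describes.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed Sysmon Event ID 7 (ImageLoad) records. Field names follow the
# Sysmon schema; every path and value is made up for illustration.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleAV\avsvc.exe",
     "ImageLoaded": r"C:\Program Files\ExampleAV\engine.dll",
     "Signed": "true", "SignatureStatus": "Valid",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Program Files\ExampleAV\avsvc.exe",
     "ImageLoaded": r"C:\Tools\bin\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Program Files\ExampleVPN\vpnsvc.exe",
     "ImageLoaded": r"C:\Program Files\ExampleVPN\plugin.dll",
     "Signed": "true", "SignatureStatus": "Expired",
     "User": r"NT AUTHORITY\SYSTEM"},
    {"Image": r"C:\Users\alice\app.exe",
     "ImageLoaded": r"C:\Users\alice\lib.dll",
     "Signed": "false", "SignatureStatus": "Unavailable",
     "User": r"DESKTOP-1\alice"},
]

def signature_ok(event):
    """True only when the module is reported as signed with a valid signature."""
    return (event.get("Signed", "").lower() == "true"
            and event.get("SignatureStatus", "").lower() == "valid")

def unvalidated_system_loads(events):
    """Return SYSTEM-context image loads whose signature did not validate."""
    findings = []
    for ev in events:
        if ev.get("User", "").lower() != r"nt authority\system":
            continue  # only loads into SYSTEM processes are of interest here
        if signature_ok(ev):
            continue
        image_dir = ntpath.normcase(ntpath.dirname(ev["Image"]))
        dll_dir = ntpath.normcase(ntpath.dirname(ev["ImageLoaded"]))
        inside = dll_dir == image_dir or dll_dir.startswith(image_dir + "\\")
        findings.append({"process": ev["Image"], "dll": ev["ImageLoaded"],
                         "status": ev.get("SignatureStatus", "unknown"),
                         "outside_install_dir": not inside})
    return findings

if __name__ == "__main__":
    for finding in unvalidated_system_loads(SAMPLE_EVENTS):
        print(finding)
```

On the constructed sample this reports two loads: the unsigned DLL from outside the service's directory and the DLL with an expired signature.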
SafeBreach reported the vulnerabilities to software vendors in July and all three companies confirmed them within a few weeks. Trend Micro first released a security advisory for CVE-2019-15628 on November 25th. One day later, Autodesk released its own security advisory for CVE-2019-7365. Kaspersky regularly provided status updates for its customers regarding the CVE-2019-15689 vulnerability.
Trend Micro has already fixed the issue with the release of Trend Micro Security 2016 version 16.0.1227, and users running version 16.0.1221 should update their software immediately. Kaspersky and Autodesk are also working on patches. Users should patch their software as soon as these fixes are available.