Trend Micro Security 2019 (Consumer) Tampering Vulnerability [CVE-2019-19697]

CVE number – CVE-2019-19697

Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM.

This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros “Asmp”
service “coreServiceShell.exe” which does not allow Administrators to tamper with them.

This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.

Note :- administrator privileges are required to exploit this vulnerability.

Affected versions

Platform Microsoft Windows
Premium Security 2019 (v15)
Maximum Security 2019 (v15)
Internet Security 2019 (v15)
Antivirus + Security 2019 (v15)

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: