
JVNDB-2020-000013

Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Overview

Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service (DoS) vulnerability (CWE-400).

BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 6.2 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Trend Micro, Inc.
  • Antivirus + Security 2019 for Windows version 15 and earlier
  • Internet Security 2019 for Windows version 15 and earlier
  • Trend Micro Maximum Security 2019 for Windows version 15 and earlier
  • Trend Micro Premium Security 2019 for Windows version 15 and earlier

According to the developer, Premium Security 2020 for Windows version 16, Maximum Security 2020 for Windows version 16, Internet Security 2020 for Windows version 16, and Antivirus+ Security 2020 for Windows version 16 are not affected by this vulnerability.
Impact

An attacker may disable Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
The developer recommends that users still running obsolete versions that are no longer supported upgrade to the latest supported versions.
Vendor Information

Trend Micro, Inc.
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2019-19694
References

  1. JVN : JVN#02921757
  2. National Vulnerability Database (NVD) : CVE-2019-19694
Revision History

  • [2020/02/14]
      Web page was published
  • [2020/03/06]
      Affected Products : Product version was modified
      Solution was modified