CVE-2021-28649

7.3 HIGH

📋 TL;DR

This vulnerability in the Trend Micro HouseCall for Home Networks installer allows local privilege escalation. An attacker with low-privileged access can place malicious code in a specific folder, which is then executed with administrator privileges when a user runs a scan. Affects version 5.3.1179 and below.

💻 Affected Systems

Products:
  • Trend Micro HouseCall for Home Networks
Versions: 5.3.1179 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows OS and Trend Micro HouseCall installation. Attacker must first obtain low-privileged code execution on target system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full administrative control, installing persistent malware, accessing sensitive data, and pivoting to other systems.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access protected system resources.

🟢 If Mitigated

Limited impact if proper access controls prevent low-privileged code execution and users don't run scans with administrative privileges.

🌐 Internet-Facing: LOW - Requires local access and user interaction; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Requires the attacker to first gain low-privileged access on the target system, then use social engineering or wait for an administrator to run a scan.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires two-step attack: 1) Gain low-privileged code execution, 2) Place malicious code in specific folder and wait for administrator to run scan. Social engineering may be required to trigger scan.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.1180 or later

Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/TMKA-10310

Restart Required: Yes

Instructions:

1. Open Trend Micro HouseCall for Home Networks.
2. Check for updates in settings.
3. Download and install version 5.3.1180 or later.
4. Restart the application and system if prompted.

🔧 Temporary Workarounds

Restrict folder permissions

Platform: Windows

Modify permissions on the vulnerable folder to prevent unauthorized write access

icacls "C:\Program Files\Trend Micro\HouseCall" /deny Users:(OI)(CI)W

Run scans without admin privileges

Platform: Windows

Configure HouseCall to run scans with standard user privileges instead of administrator

🧯 If You Can't Patch

  • Uninstall Trend Micro HouseCall for Home Networks if not required
  • Implement strict access controls to prevent low-privileged code execution on systems

🔍 How to Verify

Check if Vulnerable:

Check installed version of Trend Micro HouseCall for Home Networks. If version is 5.3.1179 or below, system is vulnerable.

Check Version:

Check application version in Help > About or examine installed programs in Control Panel

Verify Fix Applied:

Verify installed version is 5.3.1180 or later. Test folder permissions on installation directory to ensure proper restrictions.
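One way to carry out the folder-permission test, as an added example (not vendor or advisory code). It assumes the installation directory is the path used in the icacls workaround above; the function name Get-WritableAce and the list of trusted SIDs are choices made for this example.

```powershell
# Added example: list Allow ACEs that let a non-administrative principal
# create, replace or re-permission files under the install directory.
function Get-WritableAce {
    # Default path is the one from the workaround on this page (assumption:
    # the product is installed there; pass -Path otherwise).
    param([string]$Path = 'C:\Program Files\Trend Micro\HouseCall')

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Directory not found: $Path"
        return
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # File-specific rights that allow planting or swapping a file.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000); inherit-only ACEs
    # often carry generic bits that the named rights above do not cover.
    $genericMask = 0x50000000
    # Principals expected to hold write access under Program Files:
    # SYSTEM, Administrators, TrustedInstaller, CREATOR OWNER.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
        'S-1-3-0'
    )
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Ask for SIDs directly so unresolvable account names cannot break the check.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $rule.IdentityReference.Value) { continue }
            $raw = [int]$rule.FileSystemRights
            if (($raw -band $writeMask) -or ($raw -band $genericMask)) {
                [pscustomobject]@{
                    Directory = $dir.FullName
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}
# Usage: Get-WritableAce | Format-Table -AutoSize
```

No output means no unexpected write-capable Allow entry was found. Allow entries are reported even when a Deny ACE (such as the one from the workaround) overrides them, so treat each row as a lead to review rather than proof of exposure.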

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation in Trend Micro installation directory
  • Process execution from Trend Micro folders with elevated privileges
  • Failed permission modification attempts on Trend Micro directories

Network Indicators:

  • No direct network indicators - local privilege escalation

SIEM Query:

Process Creation where (Image contains 'HouseCall' OR ParentImage contains 'HouseCall') AND IntegrityLevel='High'
