CVE-2024-23940

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to hijack DLL files used by Trend Micro's uiAirSupport component, enabling them to execute arbitrary code with elevated privileges. It affects Trend Micro Security 2023 consumer products running vulnerable versions. Successful exploitation could lead to full system compromise.

💻 Affected Systems

Products:
  • Trend Micro Security 2023 family of consumer products
Versions: 6.0.2092 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the uiAirSupport component within Trend Micro Security 2023 consumer products.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing installation of malware, data theft, and persistent backdoor access.

🟠 Likely Case

Local privilege escalation leading to unauthorized system access and potential lateral movement within the network.

🟢 If Mitigated

Limited impact with proper endpoint protection and user privilege restrictions in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to place malicious DLL files in specific directories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.2093 or later

Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/tmka-12134

Restart Required: Yes

Instructions:

1. Open Trend Micro Security 2023.
2. Click 'Check for Updates'.
3. Install available updates.
4. Restart computer when prompted.

🔧 Temporary Workarounds

Restrict DLL loading permissions

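Set stricter permissions on directories where Trend Micro loads DLLs to prevent unauthorized file placement. The command below denies creating or overwriting files and subdirectories there. Because the deny entry applies to every account, including the product's own updater, remove it before installing the official fix.

icacls "C:\Program Files\Trend Micro\Security\uiAirSupport" /deny "Everyone:(OI)(CI)(WD,AD)"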

🧯 If You Can't Patch

  • Implement strict user privilege management to limit local access
  • Deploy application whitelisting to prevent unauthorized DLL execution

🔍 How to Verify

Check if Vulnerable:

Check Trend Micro Security version in the application interface or via 'About' section.

Check Version:

wmic product where "name like 'Trend Micro%'" get version

Verify Fix Applied:

Confirm version is 6.0.2093 or higher in Trend Micro Security interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual DLL loading from non-standard paths
  • Process creation from Trend Micro directories with suspicious parent processes

Network Indicators:

  • Outbound connections from Trend Micro processes to unexpected destinations

SIEM Query:

Process Creation where (Image contains 'Trend Micro' OR ParentImage contains 'Trend Micro') AND CommandLine contains '.dll'
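
The "unusual DLL loading from non-standard paths" indicator can be checked directly against Sysmon Event ID 7 (ImageLoad) records. The sketch below is an added example, not vendor or original-page code: the trusted-directory list, the `uiAirSupport.exe` process name and all sample events are constructed assumptions. It also checks the signature fields, because a DLL planted inside the product directory itself (the directory the workaround above locks down) passes a path-only check.

```python
import ntpath

# Assumption: directories this product is expected to load DLLs from.
TRUSTED_DIRS = (
    r"C:\Program Files\Trend Micro",
    r"C:\Windows\System32",
    r"C:\Windows\SysWOW64",
    r"C:\Windows\WinSxS",
)
TM = r"C:\Program Files\Trend Micro\Security"  # path taken from the icacls workaround

# Constructed Sysmon Event ID 7 (ImageLoad) records; file names are placeholders.
SAMPLE_EVENTS = [
    {"Image": TM + r"\uiAirSupport.exe", "ImageLoaded": r"C:\Windows\System32\version.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": TM + r"\uiAirSupport.exe", "ImageLoaded": r"C:\Users\Public\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": TM + r"\uiAirSupport.exe", "ImageLoaded": TM + r"\uiAirSupport\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": TM + r"\uiAirSupport.exe", "ImageLoaded": TM + r"\..\..\..\ProgramData\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\explorer.exe", "ImageLoaded": r"C:\Users\Public\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

def _norm(path):
    # Collapse "..", unify separators and lowercase so prefix checks are reliable.
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, root):
    return _norm(path).startswith(_norm(root) + "\\")

def triage_image_load(event):
    """Return the reasons an image-load event is suspicious (empty list = nothing to flag)."""
    if "trend micro" not in _norm(event["Image"]):
        return []  # only Trend Micro processes are in scope, as in the SIEM query
    reasons = []
    if not any(_under(event["ImageLoaded"], d) for d in TRUSTED_DIRS):
        reasons.append("non-standard path")
    signed = event.get("Signed", "false").lower() == "true"
    if not (signed and event.get("SignatureStatus") == "Valid"):
        reasons.append("unsigned or invalid signature")
    return reasons

def scan(events):
    """Map event index -> reasons, for flagged events only."""
    hits = {i: triage_image_load(e) for i, e in enumerate(events)}
    return {i: r for i, r in hits.items() if r}

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["ImageLoaded"], why)
```
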
