CVE-2024-45334
📋 TL;DR
This vulnerability in Trend Micro Antivirus One allows attackers to modify product configurations without authorization, potentially disabling security features or altering protection settings. It affects consumer versions 3.10.4 and below. Users who haven't updated are vulnerable to unauthorized configuration changes.
💻 Affected Systems
- Trend Micro Antivirus One (Consumer)
📦 What is this software?
Antivirus One by Trend Micro
⚠️ Risk & Real-World Impact
Worst Case
Attacker disables all antivirus protection, modifies exclusions to allow malware execution, and gains persistent access to the system while remaining undetected.
Likely Case
Local attacker with limited privileges modifies antivirus settings to disable real-time scanning or add exclusions for malicious files.
If Mitigated
Attack is detected through configuration change monitoring, and unauthorized changes are reverted before significant damage occurs.
🎯 Exploit Status
The vulnerability allows configuration manipulation, which could be exploited through various local attack vectors.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.10.5 or later
Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/TMKA-14461
Restart Required: Yes
Instructions:
1. Open Trend Micro Antivirus One.
2. Click 'Check for Updates'.
3. Install available updates.
4. Restart computer when prompted.
🔧 Temporary Workarounds
Restrict Local Access (all)
Limit local user privileges and implement least privilege access controls to reduce attack surface.
Monitor Configuration Changes (windows)
Implement file integrity monitoring for Trend Micro configuration files and registry settings.
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized processes from modifying antivirus configurations.
- Deploy additional endpoint security controls to compensate for potential antivirus feature degradation.
🔍 How to Verify
Check if Vulnerable:
Check Trend Micro Antivirus One version in the application interface. If version is 3.10.4 or lower, the system is vulnerable.
Check Version:
Check via Trend Micro Antivirus One GUI: Help > About
Verify Fix Applied:
Verify version is 3.10.5 or higher in the application interface and check that all protection features are enabled and functioning.
📡 Detection & Monitoring
Log Indicators:
- Unexpected configuration changes in Trend Micro logs
- Antivirus service restarts or feature disablement events
Network Indicators:
- Unusual outbound connections after antivirus configuration changes
SIEM Query:
source="trendmicro" AND (event_type="configuration_change" OR event_type="feature_disabled")
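The following is an added example, not code from this page or from Trend Micro: it applies the same filter as the SIEM query and then correlates each hit with the network indicator above (outbound connections after a configuration change). Only the `source` and `event_type` values of the two watched events come from the query; the `host`, `ts` and `dest` fields, the `netflow` source, the 15-minute window and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event types taken from the SIEM query on this page.
WATCHED = {"configuration_change", "feature_disabled"}

# Constructed sample events (not real product log output). Field names other
# than "source" and "event_type" are assumptions for this example.
SAMPLE_EVENTS = [
    {"source": "trendmicro", "event_type": "scan_completed", "host": "host-01", "ts": "2024-09-10T09:00:00"},
    {"source": "trendmicro", "event_type": "feature_disabled", "host": "host-01", "ts": "2024-09-10T09:05:00"},
    {"source": "netflow", "event_type": "outbound_connection", "host": "host-01", "ts": "2024-09-10T09:07:30", "dest": "203.0.113.7:443"},
    {"source": "netflow", "event_type": "outbound_connection", "host": "host-02", "ts": "2024-09-10T09:08:00", "dest": "198.51.100.9:443"},
    {"source": "trendmicro", "event_type": "configuration_change", "host": "host-03", "ts": "2024-09-10T10:00:00"},
    {"source": "netflow", "event_type": "outbound_connection", "host": "host-03", "ts": "2024-09-10T11:30:00", "dest": "192.0.2.44:8443"},
]

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def config_alerts(events):
    """Same filter as the SIEM query: config-change or feature-disabled events."""
    return [e for e in events
            if e.get("source") == "trendmicro" and e.get("event_type") in WATCHED]

def correlate(events, window=timedelta(minutes=15)):
    """Pair each alert with outbound connections from the same host that
    start within `window` after it. Every connection in the window is listed;
    deciding which ones are unusual is left to the analyst or an allow-list."""
    outbound = [e for e in events if e.get("event_type") == "outbound_connection"]
    findings = []
    for alert in config_alerts(events):
        start = _ts(alert)
        followers = [c["dest"] for c in outbound
                     if c["host"] == alert["host"]
                     and start <= _ts(c) <= start + window]
        findings.append({"host": alert["host"],
                         "event_type": alert["event_type"],
                         "ts": alert["ts"],
                         "outbound_after": followers,
                         "severity": "high" if followers else "medium"})
    return findings

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```
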