Experts point out that they found 223 vulnerabilities in Trend Micro products

ByYohann Legrand

Two security experts examined Trend Micro's products and found that they found 223 vulnerabilities for eleven products in the six months. 194 of them are serious vulnerabilities that allow remote code execution without user intervention.

Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In Just 6 Months

More than 200 vulnerabilities found in Trend Micro security products

I found a vulnerabilityRoberto SuggiWith Mr.Steven SeeleyMr. and the first report was July 29, 2016. In about six months thereafter, two people were Trend Micro's eleven products, and we found a total of 223 vulnerabilities.

In particular, the vulnerability of a tool to prevent data loss jeopardizes the network, two people got control of the server running the software and got malicious to the connected computer and other clients I was able to deliver some updates.

Likewise, InterScan, a network protection software, has found a vulnerability that poses a hazard to the network.

They point out that these fundamental weaknesses are "worst type of cross site scripting (XSS)".

On the other hand, Trend Micro judged that most of the vulnerability pointed out was not important, although the reaction itself was quick. Also, although some patches were released, it seems that Mr. Seeley was "a very bad thing" which is easy to avoid. Director John Clay explains that the vulnerability was not found in the Deep Security series for servers and endpoint security products.

"The problem of this sort is not limited to Trend Micro," said Alan Woodward, a professional digital security expert at Surrey University. Mr. Chris Eng of security company Varacode also said, "We can not find 100% of the problem alone by testing security software," the numerous vulnerability reports this time is not surprising, so that security software company We have not gained the trust of. In fact, Google's Tavis OrmandySymantec Product VulnerabilityPointed out.

Mr. Suggi and Mr. Seeley said the security conference to be held in Amsterdam in April 2017 for this "achievement"Hack In The BoxIt is planned to make a presentation.

in Security, Posted by logc_nt