CVE ID: CVE-2019-9488
Operating system: All
CVSS v3 score: 6.8
Severity: Medium
Trend Micro has released updates for Deep Security and Vulnerability Protection that fix an XML External Entity (XXE) vulnerability in earlier versions of these products.
Affected versions
Product | Version | Operating System | Language |
---|---|---|---|
Deep Security | Version 11.x | All | English |
Deep Security | Version 10.x | All | English |
Vulnerability Protection | Version 2.0 | All | English |
Solution
Trend Micro has released the following updates to address this vulnerability:
Product | Updated version | Notes | Operating System | Availability |
---|---|---|---|---|
Deep Security | Version 11.3 U1* | DSM Readme | All | Now |
Deep Security | Version 11.0 U8* | DSM Readme | All | Now |
Deep Security | Version 10.0 U20* | DSM Readme | All | Now |
Vulnerability Protection | Version 2.0.8451 | Readme | All | Now |
*The builds listed above are the minimum versions required to address the vulnerabilities described in this bulletin. If newer product updates or patches have been released since, we recommend installing the latest available version.
Vulnerability Details
This update resolves the following vulnerability in Deep Security and Vulnerability Protection:
- CVE-2019-9488 (CVSSv3 6.8 - AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N): Affected versions of Trend Micro Deep Security Manager and Vulnerability Protection are vulnerable to an XML External Entity (XXE) attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager (DSM).
Given the seriousness of this and other vulnerabilities, customers are strongly encouraged to update to the latest build as soon as possible.
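The XXE weakness named above, as an added illustration that is not Trend Micro's code: the bulletin does not say which DSM component parses agent-supplied XML or what that document looks like, so the vulnerable and hardened parsers below use Python's standard-library expat binding on a constructed document. The `report`/`hostname` element names, the `FAKE_FILES` table standing in for files on the manager host, and the resolver that "fetches" them are assumptions made for the demonstration.

```python
"""XXE: a parser that resolves external entities beside one that refuses them.

Added example, not Trend Micro code. The Deep Security component and
document format are not given on the advisory; the element names, the
FAKE_FILES table and the resolver below are assumptions for illustration.
"""
import xml.parsers.expat as expat

# Constructed stand-in for files on the server: the fetch that an XXE attack
# triggers is simulated by a dictionary lookup instead of a real file read.
FAKE_FILES = {
    "file:///etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
}

# Constructed attacker-controlled document: the internal DTD subset declares
# an external entity, and the body references it where text is expected.
XXE_DOC = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE report [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>\n'
    '<report><hostname>&xxe;</hostname></report>\n'
)

# Constructed benign document of the same (assumed) shape.
BENIGN_DOC = '<report><hostname>web01</hostname></report>'


class ExternalEntityBlocked(Exception):
    """Raised by the hardened parser when a document references external content."""


def parse_vulnerable(doc: str) -> str:
    """Return the document's text content, resolving external entities.

    Installing a resolver that fetches whatever SYSTEM identifier the
    document names is the XXE weakness: the fetched bytes become part of
    the parsed text and flow back to whatever consumes the result.
    """
    parser = expat.ParserCreate()
    chunks = []

    def fetch_external_entity(context, base, system_id, public_id):
        # A child parser inherits the parent's handlers, so text from the
        # fetched resource is collected exactly like the document's own text.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(FAKE_FILES.get(system_id, ""), True)
        return 1  # non-zero tells expat the reference was handled

    parser.ExternalEntityRefHandler = fetch_external_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(doc, True)
    return "".join(chunks)


def parse_hardened(doc: str) -> str:
    """Return the document's text content, refusing any external entity.

    The fix is a policy decision rather than a parser feature: a document
    that asks the server to fetch something is rejected outright.
    """
    parser = expat.ParserCreate()
    chunks = []

    def refuse_external_entity(context, base, system_id, public_id):
        raise ExternalEntityBlocked(f"refused external entity {system_id!r}")

    parser.ExternalEntityRefHandler = refuse_external_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(doc, True)
    return "".join(chunks)


def hardened_rejects(doc: str) -> bool:
    """True when the hardened parser refuses the document."""
    try:
        parse_hardened(doc)
    except ExternalEntityBlocked:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable parser returned:", repr(parse_vulnerable(XXE_DOC)))
    print("hardened parser rejects attacker doc:", hardened_rejects(XXE_DOC))
    print("hardened parser on benign doc:", repr(parse_hardened(BENIGN_DOC)))
```

The vulnerable parser hands back the contents of the "file" in place of the hostname, which is the data-disclosure effect the CVSS vector (C:H) describes; the hardened parser raises before any fetch happens and still parses the benign document normally. Whether the attack needs root on a protected host, as the bulletin states, depends on how the real manager authenticates the sender, which the example does not model.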
In addition to the vulnerability discovered and addressed above, another potential issue was reported and is being given a Defense in Depth (DiD) credit:
- *Defense in Depth (DiD) Credit: It was reported that affected versions of Trend Micro Deep Security do not have integrity checking of deployed agent files to protect against potential tampering. Fortunately, Trend Micro Deep Security on Windows has an Agent Self-Protection mechanism to protect against the modification of agent files. More information can be found at the Deep Security Help Center: Enable or disable agent self-protection section.
Mitigating Factors
Exploiting this vulnerability generally requires access (physical or remote) to a vulnerable host. Beyond keeping hosts patched, we recommend that customers regularly review the security policies and access logs of critical systems.
However, although a complete attack requires several specific conditions to line up, Trend Micro still strongly recommends that customers install this update as soon as possible.
Acknowledgments
Trend Micro would like to thank the following individuals for working with us on the disclosure and analysis of this vulnerability:
- Boyd Ansems and Frank Cozijnsen of the KPN REDteam
Other References
- CVE-2019-9488