Trend Micro is among the notable names in the cyber security field. Security researchers have discovered more than 200 vulnerabilities in Trend Micro security products since July 2016, of which 194 were reported to be critical. Researchers Roberto Suggi Liverani and Steven Seeley revealed that the vulnerabilities were present in 11 different Trend Micro security products. They can be exploited remotely and triggered without user interaction. One issue in the Data Loss Prevention product could even lead to a full network failure and could send a malicious update to every single PC.

Jon Clay, global director of threat communications at Trend Micro, said in a statement that "the company's widely used deep security and endpoint products were not affected by the vulnerabilities reported and vulnerabilities found were taken seriously regardless of whether it is multiple or a single submission."

The researchers said Trend Micro was quick to respond to the vulnerabilities, but in one case it did not patch the issue adequately, and one of them added that he could have bypassed the fix easily.

In InterScan, another Trend Micro product, which protects the network, they found a further issue: an unauthenticated remote code execution flaw can be used to compromise the system, and once inside the network an attacker can easily pivot to the DLP box. Another issue was an unauthenticated cross-site scripting (XSS) flaw that made it possible to execute malicious JavaScript code as an administrator. Once the code was executed, it would allow the attacker to change or seize whatever data was held inside. It is "the worst type" of cross-site scripting, probably one of the most common vulnerabilities on the web, said Seeley.
They plan to showcase their exploits during the Hack In The Box (HITB) conference in Amsterdam this April. A Trend Micro spokesperson said that its Data Loss Prevention product has now reached its official End of Support date and that customers have been advised to migrate to an alternative solution that isn't affected.

Jon Miller, chief research officer at Cylance Inc., said that "before a company releases their product to the consumers the same methodology which is used by the third parties to find vulnerabilities should be completed."

Chris Eng, vice president of research at Veracode, said "proper training should be given to the developers on secure coding and should perform security testing throughout the development process. They should have a procedure for responding to the vulnerability reports to ensure they communicate transparently with researchers around timeframes for patching."

Trend Micro was not alone. Many security products in the industry have similar issues. It is a serious concern when security products have this number of vulnerabilities.