Trend Micro's security software installed a 'test server' on its users computers that could be attacked through the internet. In the worst case attackers could take full control over the computer, according to Tavis Ormandy, a security researcher from Google. Ormany calls the issue, "ridiculously easy to discover and exploit".
The test server was a so-called 'remote debugging server' that was installed on computers running Trend Micro Maximum Security, Trend Micro Premium Security and Trend Micro Password Manager. The server was started by default and listened for connections on localhost. According to Ormany the issue could be easily exploited with some Javascript. When successfully executed it would allow an attacker to take over the entire system.
Ormandy informed Trend Micro on the 22nd of March about the issue. According to Trend Micro the culprit was a third-party module and it would take time to crack the source code, disable the server and then add the modified code back to their products. Nevertheless, several days later the company shipped a temporarily patch. A patch that should totally resolve the issue should be released in the coming weeks.
