Security News > 2020 > December > Trend Micro Patches Serious Flaws in Product Used by Companies, Governments
Trend Micro informed customers this week that an update for its InterScan Web Security Virtual Appliance patches several potentially serious vulnerabilities, including ones that can be exploited to remotely take control of the appliance.
The vulnerabilities were discovered by Wolfgang Ettlinger, a researcher at Austria-based cybersecurity consultancy SEC Consult, and they were reported to Trend Micro in the summer of 2019.
While the validation and patching process took a fairly long time, SEC Consult told SecurityWeek that the Trend Micro PSIRT handled the issue very professionally, "In contrast to other larger companies we have encountered in the past."
While it's unclear exactly how many organizations are using the affected Trend Micro product, SEC Consult told SecurityWeek that it has notified cybersecurity agencies in Germany and Austria, and learned that the product is used by major corporations and even government organizations.
"We are aware of the vulnerabilities found in the IWSVA product and commend SEC Consult for responsibly disclosing them and working closely with us to resolve the issues," Trend Micro told SecurityWeek in an emailed statement.