If you use Trend Micro's password manager or its Premium Security or Maximum Security antivirus software on Windows, update the software now. Otherwise, your PC could be ripe for infection.
Two different DLL-hijacking flaws were found in the password manager, which is both a stand-alone program and a component of the aforemetioned antivirus packages, Trend Micro announced yesterday (Aug. 14).
A DLL, or dynamic link library, is a code repository shared by many programs. Sneaking malicious code into DLLs is a tried-and-true method of corrupting programs while they're running. It even works on Macs.
"Trend Micro has addressed these vulnerabilities via a patch that is available now through the product's automatic ActiveUpdate feature for all products listed above," Trend Micro said.
"Customers who receive regular automatic updates from the internet should have already received the update," which is designated as Password Manager version 22.214.171.1248. "Customers who have not yet received the update can manually click 'Update Now' to ensure they have the latest build."
Trend Micro thanked researchers Peleg Hadar of SafeBreach Labs and Trần Văn Khang of Infiniti Team/VinCSS for discovering and privately disclosing the bugs.