On Monday, a set of vulnerabilities affecting Kaspersky and Trend Micro products has been publicly disclosed.
The vulnerability in Trend Micro Maximum Security gives attackers the ability to load and execute malicious payloads each time the service is loaded - and it runs on startup. This could enable them to bypass application whitelisting, evade cybersecurity protections and escalate privileges.
Vulnerability found in Kaspersky Secure Connection (VPN client which is a part of Kaspersky Internet Security) could allow third-parties with administrator privileges to locally execute arbitrary code.
The vulnerabilities were reported to the companies in July and both of them have recently released patches and security advisories - Trend Micro on November 25 and Kaspersky on December 2.