Trend Micro Antivirus Products Exploited Wildly

Trend Micro Antivirus Products Exploited Wildly

A threat actor is actively exploiting a bug currently in Trend Micro’s security products to do privilege escalation on Windows systems. The vulnerability tracked as CVE-2020-24557 is affecting two major security products of the company – Apex One and OfficeScan.

Christopher Vella, a security researcher at Microsoft, reported the flaw to Trend Micro privately through the company’s bug acquisition program.


CVE-2020-24557

The issue cannot be used to gain access to the system, but it can be helpful to gain admin access in Windows systems if the attacker has access to run low-privileged code. One can exploit the flaw to disable the security temporarily by making some modifications in certain product folders. The bug is found in a piece of code that handles access to the Misc folder.

The vulnerability has been rated with a CVSS score of 7.8. POC or exploit for the bug is not available publicly.

This bug becomes the fourth vulnerability in Apex One and OfficeScan, which has been actively exploited after CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468.


Impact

The exploitation of the vulnerability leads to privilege escalation on the affected systems.


Affected Products

  • Apex One 2019 before Build – 8422
  • Apex One (SaaS) before Build – 202008
  • OfficeScan before XG SP1 Build 5702

Solution

Trend Micro released fixes for the issue in its security advisory on August 2020. The fixes are available in:

Trend Micro also added that,

Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

We strongly recommend installing these security updates without any delay.

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments