A threat actor is actively exploiting a bug in Trend Micro’s security products to escalate privileges on Windows systems. The vulnerability, tracked as CVE-2020-24557, affects two of the company’s major security products: Apex One and OfficeScan.
Christopher Vella, a security researcher at Microsoft, reported the flaw to Trend Micro privately through the company’s bug acquisition program.
The issue cannot be used to gain access to a system, but an attacker who can already run low-privileged code can use it to gain admin access on Windows systems. The flaw can also be exploited to temporarily disable security by modifying certain product folders. The bug is in a piece of code that handles access to the Misc folder.
The vulnerability has been rated with a CVSS score of 7.8. No PoC or exploit for the bug is publicly available.
Exploitation of the vulnerability leads to privilege escalation on the affected systems. The affected versions are:
- Apex One 2019 before Build 8422
- Apex One (SaaS) before Build 202008
- OfficeScan before XG SP1 Build 5702
Trend Micro released fixes for the issue in its security advisory in August 2020. The fixes are available in:
Trend Micro also added:
Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
We strongly recommend installing these security updates without any delay.