Trend Micro Antivirus Products Exploited Wildly

A threat actor is actively exploiting a bug currently in Trend Micro’s security products to do privilege escalation on Windows systems. The vulnerability is tracked as CVE-2020-24557 and is affecting two major security products of the company – Apex One and OfficeScan. A good Vulnerability management tool can solve these issues.

Christopher Vella, a security researcher at Microsoft, privately reported the flaw to Trend Micro through the company’s bug acquisition program. Therefore, A vulnerability Management Software can prevent these attacks.

The issue cannot be in use of gaining access to the system, but it can be helpful to gain admin access in Windows systems if the attacker can run low-privileged code. One can exploit the flaw to temporarily disable the security by modifying certain product folders. The bug is in a piece of code that handles access to the Misc folder.

The vulnerability has been rated with a CVSS score of 7.8. POC or exploit for the bug is not available publicly.

This bug becomes the fourth vulnerability in Apex One and OfficeScan. Which isactively exploited after CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468.

The exploitation of the vulnerability leads to privilege escalation on the affected systems.

• Apex One 2019 before Build – 8422
• Apex One (SaaS) before Build – 202008
• OfficeScan before XG SP1 Build 5702

Trend Micro released fixes for the issue in its security advisory on August 2020. The fixes are available in:

• Apex One (On-premise) Patch 3 b8378
• OfficeScan XG SP1 CP5698*

Trend Micro also added that,

We strongly recommend installing these security updates without any delay.