Hackers use Trend Micro Antivirus Flaw to gain Windows systems admin rights. This vulnerability which is found in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily and abuse a specific Windows function and attain privilege escalation.
Affected Versions and Target Products
- The version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
- Trend Micro Apex One (Apex One) 2019 Build Less than 8422
- Trend Micro Apex One SaaS (Apex One SaaS) Build less than 202008
- OfficeScan Corporate Edition (hereafter OfficeScan) XG Service Pack 1 Build Less than 5702
Vulnerability (CVE-2020-24557) in Trend Micro Apex One, Apex One SaaS, and OfficeScan Corporate Edition and Patches:
Trend Micro has released new patches for Trend Micro Apex One, Apex One as a Service (SaaS), and OfficeScan XG SP1. These patches resolve multiple vulnerabilities related to hard link privilege escalation, out-of-bounds read information disclosure, and improper access control.
The hotfixes are cumulative, and the latest hotfixes include fixes for this vulnerability.
|Product||About the hotfix|
|ApexOne||Critical Patch 8422|
|OfficeScan Corp. XG SP1||Critical Patch 5702|
Trend Micro has also updated their previous vulnerability patch releases.
CVE Identifier(s): CVE-2020-24556, CVE-2020-24557, CVE-2020-24558, CVE-2020-24559, CVE-2020-24562
Impacts that can be seen in case of attacks:
Known vulnerabilities in Apex One, Apex One SaaS, and OfficeScan agents could elevate privileges, allow an attacker to manipulate certain product folders to temporarily disable security features or to temporarily disable certain Windows features. It may be abused.
It is very important to apply the latest patch as soon as possible. Patches are released for every version now. Utilize and save the environment!