Trend Micro Antivirus flaw exploited by hackers to gain Windows Systems admin rights. Trend Micro Apex One, Apex One as a Service (SaaS), and OfficeScan XG SP1 on Microsoft Windows have vulnerabilities.
Trend Micro Versions Affected
- Apex One – On-Premise (2019) and SaaS for both Windows and macOS(client)
Trend Micro Apex One vulnerability on Microsoft Windows can allow attackers to create hard links to any file on the system. This can later be used to manipulate it to gain windows admin permission to execute malware codes.
Trend Micro Apex One and OfficeScan XG Improper Access Control Privilege Escalation are CVE-2020-24557 vulnerabilities. This vulnerability can allow bad actors access to particular product folders and disable the security temporarily and abuse specific Windows functions and gain privilege.
In order to exploit this vulnerability, the hackers will have to obtain the ability to execute low privileged code on the target system.
How to Fix the Trend Micro Vulnerabilities?
Users will be required to update the patches and build to address the issue. You should update to the latest version of the products.
Even though OfficeScan XG SP1 vulnerabilities were addressed in a previous patch, it advised users to download and update to the latest version.
You can also visit Trend Micro’s Download Center to download Service packs and other relevant software required.