Trend Micro Warns Users For Active Exploitation Of An Already-Patched Bug

Once again, the practice of procrastinating updates by the users has let the attackers exploit an already-patched vulnerability. Recently, Trend Micro has warned users of active attacks by exploiting a bug in Apex One and OfficeScan. While the vendors already patched the bug, they now urge users to update their systems at the earliest.

Trend Micro Alerts Of Bug Under Attack

In 2020, Trend Micro fixed some serious vulnerabilities in their products Apex One and OfficeScan.

The patches first arrived with their August 2020 update bundle. The fixes addressed four different bugs that include the following.

  • CVE-2020-24556, CVE-2020-24562 – hard link privilege escalation (CVSS: 7.8) (affecting Windows only)
  • CVE-2020-24557 – improper access control privilege escalation (CVSS: 7.8)
  • CVE-2020-24558 – out-of-bounds read information disclosure (CVSS: 5.5)
  • CVE-2020-24559 – hard link privilege escalation (CVSS: 7.8) (affected Apex One on macOS only)

Despite releasing the patches quite earlier, it seems the vulnerability still existed at the users’ end, thus attracting the hackers to exploit.

In the latest update to the previous advisory, Trend Micro has confirmed that the vulnerability CVE-2020-24557 is under attack. However, the active exploitations only aim at the Apex One bug; OfficeScan remains safe.

Describing this bug in detail, Tenable stated in its advisory,

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Update Now

Given the severity of the flaw, JPCERT has also issued an alert for the users urging them to apply the patches quickly.

Precisely, users of Apex One and OfficeScan should update to the following patched versions.

  • Trend Micro Apex One 2019 Critical Patch (Build later than 8422)
  • OfficeScan XG SP1 Critical Patch (Build later than 5702)

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients