[BreachExchange] Trend Micro Patches Two Vulnerabilities Exploited in the Wild

Destry Winant destry at riskbasedsecurity.com
Thu Mar 19 10:07:12 EDT 2020


https://www.securityweek.com/trend-micro-patches-two-vulnerabilities-exploited-wild

Trend Micro has patched several serious vulnerabilities in its
Worry-Free Business Security, Apex One and OfficeScan products,
including a couple of flaws that have been exploited in the wild.

One of the actively exploited vulnerabilities, tracked as
CVE-2020-8467, is related to a migration tool component of Apex One
and OfficeScan. It allows a remote, authenticated attacker to execute
arbitrary code on affected installations.

The second flaw, tracked as CVE-2020-8468 and described as a content
validation escape issue, impacts the agents for Worry-Free Business
Security, Apex One and OfficeScan. It allows an authenticated attacker
to “manipulate certain agent client components.”

The exploited vulnerabilities were identified by Trend Micro’s own
researchers, but no information has been released about the attacks.

Since exploitation of the flaws requires authentication, the attacks
involving CVE-2020-8467 and CVE-2020-8468 likely also leveraged other
vulnerabilities as well.

This is not the first time malicious actors have exploited
vulnerabilities in Trend Micro products. An attack launched last year
against Mitsubishi Electric reportedly involved exploitation of a
vulnerability in Trend Micro’s OfficeScan product. The attack was
attributed to the China-linked threat group known as Tick.

The Trend Micro advisories describing the Apex One and OfficeScan
vulnerabilities also inform users that the two products are affected
by three other critical weaknesses and these can be exploited without
authentication.

Two of the security holes are related to service DLL files and they
can be exploited to execute arbitrary code with elevated privileges
and to delete any file on the server. The third vulnerability is
related to an EXE file and it can allow a remote attacker to “write
arbitrary data to an arbitrary path on affected installations and
bypass root login.” Trend Micro says there is no evidence that these
vulnerabilities have been exploited for malicious purposes.

The DLL file vulnerabilities also impact Worry-Free Business Security,
which is also affected by a high-severity directory traversal flaw
that can be exploited to bypass authentication.


More information about the BreachExchange mailing list