A threat actor is actively exploiting a bug in Trend Micro’s security products to escalate privileges on Windows systems. The vulnerability is tracked as CVE-2020-24557 and affects two of the company’s major security products: Apex One and OfficeScan. A good vulnerability management tool can solve these issues.
Christopher Vella, a security researcher at Microsoft, privately reported the flaw to Trend Micro through the company’s bug acquisition program. Therefore, vulnerability management software can prevent these attacks.
CVE-2020-24557
The issue cannot be used to gain access to a system, but it can be used to gain admin access on Windows systems if the attacker can already run low-privileged code. An attacker can exploit the flaw to temporarily disable the security by modifying certain product folders. The bug is in a piece of code that handles access to the Misc folder.
The vulnerability has been rated with a CVSS score of 7.8. No PoC or exploit for the bug is publicly available.
This bug is the fourth vulnerability in Apex One and OfficeScan to be actively exploited, after CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468.
Impact of CVE-2020-24557
Exploitation of the vulnerability leads to privilege escalation on the affected systems.
Affected Products
- Apex One 2019 before Build 8422
- Apex One (SaaS) before Build 202008
- OfficeScan before XG SP1 Build 5702
Solution for CVE-2020-24557
Trend Micro released fixes for the issue in its security advisory in August 2020. The fixes are available in:
- Apex One (On-premise) Patch 3 b8378
- OfficeScan XG SP1 CP5698*
Trend Micro also added:
Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
We strongly recommend installing these security updates without any delay.