Recent attacks involved the exploitation of security holes in Trend Micro’s enterprise security products. Trend Micro issued a critical security advisory stating that it has observed active attempts of potential attacks against its products.
In-the-wild zer0-day exploits
- CVE-2020-8467 is a critical remote code execution vulnerability in the migration tool component of Trend Micro Apex One and OfficeScan.
- CVE-2020-8468 is a high severity content validation escape vulnerability in Trend Micro Apex One and OfficeScan agents. This bug allows an attacker to manipulate certain agent client components.
The two zero-days require user authentication for exploitation, and therefore we can infer that the attacks using these bugs must have been carried out in networks that the attackers have previously gained a foothold in. These bugs have most likely been used to elevate existing privileges or disable security products running in enterprise environments.
Other Critical Vulnerabilities
- CVE-2020-8470 : A flaw exists in the DLL file of a vulnerable service that allows attackers to delete any file on the server with SYSTEM level privileges.
- CVE-2020-8598 : A flaw exists in the DLL file of a vulnerable service that allows attackers to execute arbitrary code on vulnerable installations with SYSTEM level privileges.
- CVE-2020-8599: A flaw exists in a vulnerable EXE file which allows attackers to write arbitrary data to an arbitrary path on vulnerable installations and bypass ROOT login.
All three vulnerabilities have been rated critical with a CVSS score of 10.0 and do not require authentication for their exploitation. However, there have been no reports of active exploitation of these bugs so far.
Impact
The exploitation of these critical vulnerabilities could allow attackers to execute arbitrary code, bypass security mechanisms and modify sensitive components on target systems.
Affected Products
- Trend Micro Apex One (on premise) version 2019
- Trend Micro OfficeScan version XG SP1 and XG (non-SP)
Solution
Trend Micro has released critical security fixes for these vulnerabilities. The fixes are available in:
- Apex One (on premise) CP 2117 or higher.
- OfficeScan XG SP1 CP 5474 and XG CP 1988 or higher.
We strongly recommend installing these security updates without any delay.