Trend Micro patches two zero-day vulnerabilities under active attack in the wild

By / / Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Apex One, CVE-2020-8467, CVE-2020-8468, CVE-2020-8470, CVE-2020-8598, CVE-2020-8599, OfficeScan, Trend Micro

Trend Micro has patched five vulnerabilities in multiple products. The updates address two zero-days – one Critical risk vulnerability CVE-2020-8467 and another High risk vulnerability CVE-2020-8468 under active attack in the wild. In addition, the company also patched three other Critical vulnerabilities that require no authentication to exploit.

Critical vulnerability exploited in wild (CVE-2020-8467)

Trend Micro fixed a Critical remote code execution vulnerability in Trend Micro Apex One (on premise) and OfficeScan XG products. A remote authenticated attacker could exploit the vulnerability CVE-2020-8467 to execute arbitrary code on affected systems.

“Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild,” Trend Micro warned in the advisory.

“Customers are strongly encouraged to update to the latest versions as soon as possible.”

The vulnerability has a CVSSv3 base score of 9.1.

High vulnerability exploited in the wild (CVE-2020-8468)

Trend Micro also patched a High severity “content validation escape” vulnerability CVE-2020-8468 in Trend Micro Apex One and OfficeScan agents.

A remote attacker could exploit this issue to manipulate certain agent client components. Trend Micro also spotted at least one active attempt of potential exploitation of this vulnerability as well.

The vulnerability has a CVSSv3 base score of 8.0.

3 other Critical vulnerabilities rated 10.0

Finally, Trend Micro patched the three additional Critical vulnerabilities in Trend Micro Apex One and OfficeScan server:

  • CVE-2020-8470: a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges
  • CVE-2020-8598: a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges.
  • CVE-2020-8599: a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.

Of special note, authentication is NOT required to exploit each of these vulnerabilities and each has a CVSSv3 base score of 10.0.

Related Articles