Trend Micro Apex One and Office Scan XG vulnerable

Administrators using Trend Micro's Apex One, Apex One as a Service (SaaS) and Office Scan XG products as a protection solution on Windows and macOS need to act. The products are affected by four vulnerabilities, but an update is available.



Apex One and Apex One as a Service (SaaS) are two security solutions from Trend Micro that scan endpoints for malware infection and protect the relevant devices against malware or ransomware. Office Scan XG from Trend Micro is also designed to protect Windows clients in the office from malware.

Security Advisory for Trend Micro Apex One

As of September 1, 2020, Trend Micro has published the advisory "SECURITY BULLETIN: August 2020 Security Bulletin for Trend Micro Apex One and Apex One as a Service". Product updates were released on August 28, 2020 to address vulnerabilities in Apex One and Apex One as a Service (SaaS). The manufacturer writes about this:

Trend Micro has released new patches for Trend Micro Apex One and Apex One as a Service (SaaS).  These patches address several vulnerabilities related to the escalation of hardlink privileges, improper read disclosure and improper access control.

The patches close the vulnerabilities CVE-2020-24556, CVE-2020-24557, CVE-2020-24558 and CVE-2020-24559. Here is an excerpt with details about the vulnerabilities:

CVE-2020-24556: Trend Micro Apex One Hard Link Privilege Escalation Vulnerability (Windows)
CVSSv3: 7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

CVE-2020-24557: Trend Micro Apex One Improper Access Control Privilege Escalation
CVSSv3: 7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

CVE-2020-24558: Trend Micro Apex One Out-of-Bounds Read Information Disclosure
CVSSv3: 5.5: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
A vulnerability in a Trend Micro Apex One dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2020-24559: Trend Micro Apex One Hard Link Privilege Escalation Vulnerability (macOS)
CVSSv3: 7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A vulnerability in Trend Micro Apex One on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root.
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Please note that the updated macOS client for Apex One (on-premise) is available via Trend Micro's Active

Further details and the download of the update are available via the Security Advisory. (via)

Trend Micro OfficeScan XG

There are also vulnerabilities in Trend Micro OfficeScan XG, which the manufacturer disclosed in the security advisory "SECURITY BULLETIN: Trend Micro OfficeScan XG Hard Link Privilege Escalation Vulnerability" dated September 3, 2020. Trend Micro also released a new patch, XG SP1 Patch 3 b5684, for Trend Micro OfficeScan XG SP1 for Windows on August 28, 2020. This patch fixes the CVE-2020-24556 vulnerability (hard link privilege escalation). However, it is recommended to read the readme file and study the known issues before installation.



The vulnerabilities are rated as high, although exploitation of the hard link privilege escalation has been stopped by a patch on the operating system side from Windows 10 version 1909 on. Further details can be found in the manufacturer's security advisories.

