Vulnerability

Trend Micro Apex One & OfficeScan Vulnerabilities

This blog contains information about the Trend Micro Apex One & OfficeScan vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Clip path group@2x

T-Update

Information about vulnerabilities

This blog contains information about the Trend Micro Apex One & OfficeScan vulnerabilities. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Update April 22, 2021

16:00 | In August 2020, Trend Micro announced a number of vulnerabilities in their Apex One and OfficeScan products. These vulnerabilities were patched by the company at that time. Trend Micro has recently published an update which advises that the vulnerabilities have now been exploited in the wild.

Customized cyber security

Background

Risk

Below CVE numbers were linked to the vulnerabilities in August 2020:

CVE-2020-24556, CVE-2020-24557, CVE-2020-24558, CVE-2020-24559, CVE-2020-24562

Patches were quickly released and are still available for users who have not yet upgraded the software.

By using these vulnerabilities, an attacker can increase their rights on the system (privilege escalation). This makes it possible to make use of system resources that would not be available to the attacker under normal circumstances.

To exploit these vulnerabilities, an attacker must already have access to the system, either locally or remotely.

Advice

Below versions/products are vulnerable:


Product Updated version Platform

Apex One
(onsite)

Versions prior to patch 3 b8378 Windows

Apex One
(onsite)

Versions prior to macOS Patch 1 macOS

Apex One
(SaaS)

Versions prior to Aug 2020 Monthly Patch (2008)

Windows &
macOS

Office Scan Versions prior to XG SP1 CP5698 Windows

Considering that updates have been available for these vulnerabilities since August last year, the applications should already be patched. In case your systems have not been patched, please update as soon as possible.

For more information, see:

https://success.trendmicro.com/solution/000263632

Ellipse 6

Sign up to receive T-Updates

Receive the latest vulnerabilities in your email every Wednesday

More than 1,000 organisations have already joined us.

Tesorion gebruikt jouw gegevens voor het versturen van de gevraagde informatie. Daarnaast worden je gegevens mogelijk gebruikt voor commerciële opvolging. Je kunt je op elk gewenst moment hiervoor afmelden via de link in de e-mail. Lees voor meer informatie ons privacybeleid.

Ellipse 6