The Japanese antivirus provider Trend Micro has released patches for Worry-Free Business Security, Apex One and OfficeScan products to fix several dangerous vulnerabilities, including two issues that have been exploited in the wild.
The 0Days in question reside in Trend Micro Apex One and OfficeScan solutions. The first one, tracked as CVE-2020-8467, affects migration tool component of Trend Micro Apex One and OfficeScan and allows to remotely execute arbitrary code on affected installations (RCE). To exploit this flaw an attacker needs to be authenticated.
The second flaw has received an identifier CVE-2020-8468 and is described as a content validation escape issue. The vulnerability impacts the agents for Worry-Free Business Security, Apex One and OfficeScan. It allows an authenticated attacker to “manipulate certain agent client components.”
Trend Micro said it detected “at least one active attempt” to exploit these flaws in the wild, but the company did not provide any details regarding attacks.
Other patched flaws include CVE-2020-8470, CVE-2020-8598, and CVE-2020-8599. All of them rated as critical (CVSS 10) and affect Trend Micro Apex One and OfficeScan server. The CVE-2020-8470 and CVE-2020-859 vulnerabilities exist due to a vulnerable service DLL file that could allow a remote unauthenticated attacker to delete any file on the server with SYSTEM level privileges, or to execute arbitrary code on affected installations with SYSTEM level privileges.
The last issue stems from a vulnerable EXE file that could allow a remote unauthenticated attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login.