Views:

Bulletin Date: February 9, 2021

Platform: Microsoft Windows

Assigned CVE: CVE-2021-25251

CVSS 3.0 Score(s): 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Severity Rating: High

Summary

Trend Micro has released an update to the Trend Micro Security 2020 and 2021 families of consumer products which resolve a code injection vulnerability.

Affected versions

PRODUCT AFFECTED VERSIONS PLATFORM PLATFORM
Premium Security 2020 (v16) and 2021 (v17) Windows English
Maximum Security 2020 (v16) and 2021 (v17) Windows English
Internet Security 2020 (v16) and 2021 (v17) Windows English
Antivirus+ 2020 (v16) and 2021 (v17) Windows English

Solution

PRODUCT UPDATED BUILD(S) PLATFORM PLATFORM
All Trend Micro Security versions above 2020 (v16) and 2021 (v17) Windows English


Trend Micro has released an update via the product’s ActiveUpdate automatic update mechanism to resolve this issue. Your Trend Micro Security program should receive the update automatically as long as your computer is connected to the Internet.

The latest versions of Trend Micro Security (Consumer) can be found here.

Vulnerability Details

  • CVE-2021-25251: The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program’s password protection and disable protection.

Please note that an attacker must already have administrator privileges on the machine to exploit this vulnerability.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Add a comment