Release Date: August 25, 2022
CVE Vulnerability Identifier: CVE-2022-38764
Platform(s): Microsoft Windows
Summary
Trend Micro has released a new version of the Trend Micro HouseCall that resolves an incorrect permission assignment privilege escalation vulnerability.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro HouseCall | Version 1.62.1.1133 | Microsoft Windows | English |
Solution
Trend Micro has released a version to resolve this issue:
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro HouseCall | Version 1.62.1.1140 | Microsoft Windows | English |
Vulnerability Details
This version resolves a vulnerability due to an overly permissive folders under Program Files that possibly allow to execute code with System privileges.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Xavier Danest working with Trend Micro’s Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
External Reference
- ZDI-CAN-16829
