Views:

Bulletin Date: December 31, 2020

Platform: Microsoft Windows

CVSSv3 Scores: 6.6 (Medium)

Summary

Trend Micro has released a hotfix for the Trend Micro Security 2021 family of consumer products which resolves a local privilege escalation vulnerability.

Affected versions

PRODUCT AFFECTED VERSIONS PLATFORM LANGUAGE(S)
Premium Security 2021 (v17) Microsoft Windows English
Maximum Security 2021 (v17) Microsoft Windows English
Internet Security 2021 (v17) Microsoft Windows English
Antivirus+ Security 2021 (v17) Microsoft Windows English

Solution

PRODUCT AFFECTED VERSIONS PLATFORM LANGUAGE(S)
All Versions Above 2021 (v17) Hotfix 1001 Microsoft Windows English


Trend Micro has released a hotfix available here, that resolves the issue.

Vulnerability Details

The Trend Micro Security 2021 family of consumer products is vulnerable to a local privilege vulnerability related to the Clean Privacy Feature of the product which could allow an attacker to delete arbitrary files.

Please note that an attacker must already have user privileges on the machine to exploit this vulnerability.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro acknowledges the following individual for discovering this issue:

  • Abdelhamid Naceri (halov)

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Add a comment