Views:

Release Date: April 15, 2024

CVE Vulnerability Identifier: CVE-2024-32849

Platform(s): Microsoft Windows

CVSSv3 Scores:7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Trend Micro has released an update via ActiveUpdate for the Trend Micro Security for Windows family of consumer products which resolves a Privilege Escalation Vulnerability by updating the libraries in version 17.7 or higher of the software.

Affected version(s)

PRODUCT AFFECTED VERSION(S) PLATFORM LANGUAGE(S)
Trend Micro Maximum Security 17.7 Microsoft Windows English

Solution

PRODUCT UPDATED VERSION(S) PLATFORM LANGUAGE(S)
Trend Micro Maximum Security Version 17.7 or higher Microsoft Windows English

Vulnerability Details

Trend Micro Security 17.7 (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Mitigating Factors

It is recommended to install the latest version and download the most recent AU.

Acknowledgement

Trend Micro would like to thank Nicholas Zubrisky and Michael DePlante (@izobashi) working with Trend Micro’s Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

External Reference

  • ZDI-CAN-22269
Add a comment