Trend Micro has issued critical patches for several vulnerabilities in its Apex One and OfficeScan XG enterprise security products. Attackers have tried to exploit at least two of these flaws.
CVE-2020-8467, one of the two zero-days, is a critical remote code execution vulnerability in a migration tool component in Apex One and OfficeScan. This could allow remote attackers to execute arbitrary code in affected installations. The second zero-day, CVE-2020-8468, is a content validation escape flaw that could let an attacker manipulate certain agent client components. Both of these require valid user credentials for exploitation, Trend Micro reports.
In addition to the zero-days, today's updates address three additional vulnerabilities, all of which are critical and do not require user authentication. Trend Micro says it has not observed attempted exploits of CVE-2020-8470, CVE-2020-8598, or CVE-2020-8599 in the wild.
Patches have been deployed for software versions including Apex One (on premise) CP 2117 for Windows, OfficeScan XG SP1 CP 5474 for Windows, and OfficeScan XG CP 1988 for Windows. Businesses are urged to update to the latest version of each product if a new one is available.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"