![](/style/images/good.png)
![](/style/images/bad.png)
Trend Micro Security 2020 (Consumer) Security Race Condition Arbitrary File Dele...
source link: https://helpcenter.trendmicro.com/en-us/article/TMKA-09909
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Security Bulletin: Trend Micro Security 2020 (Consumer) Security Race Condition Arbitrary File Deletion Vulnerability
PUBLISHED: SEP 25, 2020
Bulletin Date: September 25, 2020
Platform: Microsoft Windows
Assigned CVE: CVE-2020-25775
CVSSv3 Score: 5.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H))
Severity Rating: Medium
Summary
The Trend Micro Security 2020 consumer family of products has released an update via ActiveUpdate to address a race condition arbitrary file deletion vulnerability.
Affected versions
Product Affected Versions Platform Language(s) Premium Security 2020 (v16 and below) Windows English Maximum Security 2020 (v16 and below) Windows English Internet Security 2020 (v16 and below) Windows English Antivirus+ 2020 (v16 and below) Windows English
Solution
Product Updated Build(s) Platform Language(s) All Trend Micro Security versions at or above 2020 (v16) via ActiveUpdate and 2021 (v17) Windows English
Trend Micro has addressed this vulnerability via a patch that is available now through the product’s automatic Active Update feature for all versions of Trend Micro Security listed above. Customers who are up-to-date and have at least Trend Micro Security 2020 (v16) will already have the necessary patch applied. Customers who are concerned about this issue and have 2019 (v15) and below are recommended to upgrade to either 2020 (v16) or 2021 (v17).
The latest version of Trend Micro Security 2021 (v17) can be found here.
Vulnerability Details
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Abdelhamid Naceri working with Trend Micro’s Zero Day Initiative
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
Technical Reference
- ZDI-CAN-10819
-
It wasn't helpful at all.Rate this article.
-
Somewhat helpful.It was not helpful.
-
Just okay.Just okay.
-
It was somewhat helpful.It was helpful.
-
It was helpful.It was very helpful.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK