source link: https://helpcenter.trendmicro.com/en-us/article/TMKA-09909

Security Bulletin: Trend Micro Security 2020 (Consumer) Security Race Condition Arbitrary File Deletion Vulnerability

PUBLISHED: SEP 25, 2020

Bulletin Date: September 25, 2020

Platform: Microsoft Windows

Assigned CVE: CVE-2020-25775

CVSSv3 Score: 5.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)

Severity Rating: Medium


Summary

Trend Micro has released an update via ActiveUpdate for the Trend Micro Security 2020 consumer family of products to address a race condition arbitrary file deletion vulnerability.

Affected versions

Product | Affected Versions | Platform | Language(s)
Premium Security | 2020 (v16 and below) | Windows | English
Maximum Security | 2020 (v16 and below) | Windows | English
Internet Security | 2020 (v16 and below) | Windows | English
Antivirus+ | 2020 (v16 and below) | Windows | English

Solution

Product | Updated Build(s) | Platform | Language(s)
All Trend Micro Security versions | at or above 2020 (v16) via ActiveUpdate and 2021 (v17) | Windows | English

Trend Micro has addressed this vulnerability with a patch that is available now through the product’s automatic ActiveUpdate feature for all versions of Trend Micro Security listed above. Customers who are up to date and have at least Trend Micro Security 2020 (v16) will already have the necessary patch applied. Customers who are concerned about this issue and have 2019 (v15) or below are advised to upgrade to either 2020 (v16) or 2021 (v17).

The latest version of Trend Micro Security 2021 (v17) can be found here.

Vulnerability Details

The Trend Micro Security 2020 (v16) consumer family of products is affected by a race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges.

Trend Micro has not received any reports of, and is not aware of, any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers: 

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Technical Reference

  • ZDI-CAN-10819