Connect with us

Hi, what are you looking for?


Malware & Threats

Trend Micro Patches Two Vulnerabilities Exploited in the Wild

Trend Micro has patched several serious vulnerabilities in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of flaws that have been exploited in the wild.

Trend Micro has patched several serious vulnerabilities in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of flaws that have been exploited in the wild.

One of the actively exploited vulnerabilities, tracked as CVE-2020-8467, is related to a migration tool component of Apex One and OfficeScan. It allows a remote, authenticated attacker to execute arbitrary code on affected installations.

The second flaw, tracked as CVE-2020-8468 and described as a content validation escape issue, impacts the agents for Worry-Free Business Security, Apex One and OfficeScan. It allows an authenticated attacker to “manipulate certain agent client components.”

The exploited vulnerabilities were identified by Trend Micro’s own researchers, but no information has been released about the attacks.

Since exploitation of the flaws requires authentication, the attacks involving CVE-2020-8467 and CVE-2020-8468 likely also leveraged other vulnerabilities as well.

This is not the first time malicious actors have exploited vulnerabilities in Trend Micro products. An attack launched last year against Mitsubishi Electric reportedly involved exploitation of a vulnerability in Trend Micro’s OfficeScan product. The attack was attributed to the China-linked threat group known as Tick.

The Trend Micro advisories describing the Apex One and OfficeScan vulnerabilities also inform users that the two products are affected by three other critical weaknesses and these can be exploited without authentication.

Advertisement. Scroll to continue reading.

Two of the security holes are related to service DLL files and they can be exploited to execute arbitrary code with elevated privileges and to delete any file on the server. The third vulnerability is related to an EXE file and it can allow a remote attacker to “write arbitrary data to an arbitrary path on affected installations and bypass root login.” Trend Micro says there is no evidence that these vulnerabilities have been exploited for malicious purposes.

The DLL file vulnerabilities also impact Worry-Free Business Security, which is also affected by a high-severity directory traversal flaw that can be exploited to bypass authentication.

Related: Trend Micro Patches Code Execution Vulnerability in Anti-Threat Toolkit

Related: Vulnerabilities Disclosed in Kaspersky, Trend Micro Products

Related: Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.