Trend Micro fixes two actively exploited zero-days in enterprise products
Trend Micro has fixed two actively exploited zero-day vulnerabilities in its Apex One and OfficeScan XG enterprise security products, and advises customers to update to the latest software versions as soon as possible.
CVE-2020-8467 is a critical flaw in the migration tool component of the two solutions that could allow remote attackers to execute arbitrary code on affected installations.
In both cases, attackers must authenticate to the target endpoint with valid, compromised credentials before attempting exploitation, which means that these flaws are likely to have been exploited by attackers who have already found their way into the enterprise network.
These allow remote attacks without authentication, but Trend Micro has not observed any attempted exploits of those vulnerabilities.
Back in October 2019, Trend Micro fixed CVE-2019-18187, a vulnerability affecting OfficeScan which has been used by a Chinese hacker group that breached Mitsubishi Electric.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/RFGEIYbeDAQ/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-18 | CVE-2020-8467 | Unspecified vulnerability in Trendmicro Apex ONE and Officescan. A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). | 8.8 |
2019-10-28 | CVE-2019-18187 | Path Traversal vulnerability in Trendmicro Officescan 11.0/Xg. Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). | 7.5 |