Critical Security Flaw in Trend Micro Platform Prompts Emergency Patch

Benjamin Bressington
3 min read · May 28, 2021

US-Japanese cybersecurity firm Trend Micro is the latest security vendor to be pulled into a nightmare week, after it emerged that a vulnerability in its platform had been exploited in the wild. Trend Micro has issued an emergency patch and is urging all customers to update immediately.

The severity of this vulnerability shouldn’t be underestimated: It can completely compromise your computer or network without any user interaction whatsoever.

The vulnerability, tracked as CVE-2020-24557, affects Trend Micro's Apex One and OfficeScan XG, two enterprise security products.

Months before the bug was exploited in the wild, Christopher Vella from Microsoft reported it to Trend Micro through the company's Zero Day Initiative (ZDI).

Trend Micro had patched the bug in August 2020, but after learning of incidents in which the same bug was being exploited against its customers, it updated its original security advisory with more information.

“The specific flaw exists within the logic that controls access to the Misc folder,” ZDI wrote in a blog post last year. “An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.”
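The ZDI description points at an access-control weakness on a product folder that a local, low-privileged user could abuse to reach SYSTEM. The following PowerShell function is an added example, not code from the article, Trend Micro or ZDI: it audits a folder's ACL and reports any "Allow" entry that grants write-type rights to broad principals such as Everyone or BUILTIN\Users. The article does not give the actual path of the Misc folder, so the usage line carries an obvious placeholder that you replace with the directory you want to check.

```powershell
# Added example (not from the article, Trend Micro or ZDI): report ACL entries on a
# folder that let low-privileged principals create, modify or delete content or
# change the ACL itself. Such entries are the class of weakness ZDI describes.
function Get-WeakFolderAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Principals that in practice mean "any local user". Extend to taste.
        [string[]] $BroadPrincipals = @(
            'Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users',
            'NT AUTHORITY\INTERACTIVE'
        )
    )

    # Rights that allow writing into the folder or rewriting its permissions.
    # (CreateFiles/CreateDirectories share values with WriteData/AppendData.)
    $rights = [System.Security.AccessControl.FileSystemRights]
    $writeRights = $rights::WriteData -bor
                   $rights::AppendData -bor
                   $rights::Delete -bor
                   $rights::DeleteSubdirectoriesAndFiles -bor
                   $rights::ChangePermissions -bor
                   $rights::TakeOwnership

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Only "Allow" entries widen access; "Deny" entries narrow it.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeRights) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage: PRODUCT-DIR-PLACEHOLDER stands in for the real install directory,
# which the article does not name. No output means no broad write access found.
# Get-WeakFolderAce -Path 'C:\Program Files (x86)\PRODUCT-DIR-PLACEHOLDER\Misc'
```

Run it from an elevated prompt so Get-Acl can read the security descriptor, and pay attention to the `Inherited` column: an inherited entry usually means the weakness comes from a parent directory rather than from the folder itself.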

Based on this description of the bug, it cannot be used to break into systems on its own; instead, attackers used it as a second step in an exploit chain, after they had already planted malicious code on a compromised computer.

Trend Micro did not share any details about the parties exploiting the vulnerability. Still, a source familiar with the attack told The Record that an advanced persistent threat had exploited it.

This bug is the fourth vulnerability affecting the Apex One and OfficeScan XG security products that has been exploited in the wild. Three vulnerabilities were previously revealed: CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468.

Three of these bugs were abused during 2019 and 2020. The first, discovered by Trend Micro, was exploited against Mitsubishi in China.

This has been a terrible week for security vendors.

News about hackers exploiting the Trend Micro vulnerability comes a day after FireEye disclosed that multiple hacking groups have already exploited zero-days in security products from Pulse Secure and SonicWall.

Amid the growing list of security vendor compromises, this new set of attacks demonstrates that security products are just as vulnerable to exploitation as any other software. Perhaps more concerning is the central position these products occupy in most company networks, and their potential as entry points for breaching high-profile targets.

The Trend Micro team has issued an emergency patch to address the critical security flaw affecting the company's enterprise products. However, to protect against this threat and future ones, organizations need to install updates as soon as they become available and then implement additional best practices that reduce the risk of infection. For instance, scanning all emails with antivirus software before opening them can help prevent phishing attacks from infecting your systems, and implementing multi-factor authentication on sensitive systems is another effective step.

Are you confident that the systems you have in place are configured correctly to detect and respond to a ransomware attack?

Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the latest cyber-attacks. The Cymulate Research Lab created the simulation, which catches and analyzes threats immediately after cybercriminals and malicious hackers launch them.

By running this breach and attack simulation, you can quickly validate whether your organization would be vulnerable to these latest threats and take measures before an attack occurs.

ChatFortress has created the Business Cybersecurity System to help protect companies big and small. The Business Cybersecurity System provides you with complete protection based on your needs and business goals.

About ChatFortress:

ChatFortress is a leading cybersecurity company helping business owners protect their assets from cybercriminals. ChatFortress is the creator of the Cybersecurity Report Card, the only external security assessment that validates third-party risk. We provide companies with access to the latest technologies, social engineering and human behavioral strategies, and user education to create a proactive cybersecurity culture, helping you fortify your business against cyberattacks.

Lover of coffee, cycling and technology. I Automate The Boring Stuff - So You Can Increase Your Profits! -> AutomateBoring.net