Trend Micro has released security updates to address several serious flaws in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of vulnerabilities that have been exploited by threat actors in the wild.
Both vulnerabilities exploited in the wild were found by the researchers of the company, but the company did not release details about the attacks.
The first issue, tracked as CVE-2020-8467, impacts the migration tool component of Apex One and OfficeScan. It could be exploited by a remote, authenticated attacker to execute arbitrary code on vulnerable installs.
“A migration tool component of
The vulnerability rated as critical severity has received a CVSS score of 9.1.
The second vulnerability exploited in the wild, tracked as CVE-2020-8468 is a content validation escape issue that affects the agents for Worry-Free Business Security, Apex One and OfficeScan. The vulnerability could be exploited by an authenticated attacker to “manipulate certain agent client components.”
“Trend Micro Worry-Free Business Security agents are affected by a content validation escape
The CVE-2020-8468 vulnerability, rated as High severity has a CVSS score of 8.0.
Experts pointed out that both issues have to be chained with other vulnerabilities to be exploited in attacks in the wild.