Trend Micro Patches Two Zero-Days Under Attack

Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.



Trend Micro has issued critical patches for several vulnerabilities in its Apex One and OfficeScan XG enterprise security products. Attackers have tried to exploit at least two of these flaws.

CVE-2020-8467, one of the two zero-days, is a critical remote code execution vulnerability in a migration tool component in Apex One and OfficeScan. This could allow remote attackers to execute arbitrary code in affected installations. The second zero-day, CVE-2020-8468, is a content validation escape flaw that could let an attacker manipulate certain agent client components. Both of these require valid user credentials for exploitation, Trend Micro reports.

In addition to the zero-days, today's updates address three additional vulnerabilities, all of which are critical and do not require user authentication. Trend Micro says it has not observed attempted exploits of CVE-2020-8470, CVE-2020-8598, or CVE-2020-8599 in the wild.

Patches have been deployed for software versions including Apex One (on premise) CP 2117 for Windows, OfficeScan XG SP1 CP 5474 for Windows, and OfficeScan XG CP 1988 for Windows. Businesses are urged to update to the latest version of each product if a new one is available.

Read more details here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service