Trend Micro Patches Two Zero-Days Under Attack

Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.

Dark Reading Staff, Dark Reading

March 18, 2020

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Trend Micro has issued critical patches for several vulnerabilities in its Apex One and OfficeScan XG enterprise security products. Attackers have tried to exploit at least two of these flaws.

CVE-2020-8467, one of the two zero-days, is a critical remote code execution vulnerability in a migration tool component in Apex One and OfficeScan. This could allow remote attackers to execute arbitrary code in affected installations. The second zero-day, CVE-2020-8468, is a content validation escape flaw that could let an attacker manipulate certain agent client components. Both of these require valid user credentials for exploitation, Trend Micro reports.

In addition to the zero-days, today's updates address three additional vulnerabilities, all of which are critical and do not require user authentication. Trend Micro says it has not observed attempted exploits of CVE-2020-8470, CVE-2020-8598, or CVE-2020-8599 in the wild.

Patches have been deployed for software versions including Apex One (on premise) CP 2117 for Windows, OfficeScan XG SP1 CP 5474 for Windows, and OfficeScan XG CP 1988 for Windows. Businesses are urged to update to the latest version of each product if a new one is available.

Read more details here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights