Two Trend Micro zero-days exploited in the wild by hackers

Antus67

Level 9
Thread author
Verified
Well-known
Nov 3, 2019
413
Patches for both zero-days were released on Monday, along with fixes for three other similarly critical vulnerabilities.

Hackers tried to exploit two zero-days in Trend Micro antivirus products, the company said in a security alert this week.

The Japanese antivirus maker released patches on Monday to address the two zero-days, along with three other similarly critical issues (although these were not exploited in the wild).

According to the alert, the two zero-days impact the company's Apex One and OfficeScan XG enterprise security products.

Trend Micro did not release any details about the attacks.

These two zero-days mark the second and third Trend Micro antivirus bugs exploited in the wild in the last year.

In the summer of 2019, Chinese state-sponsored hackers used a Trend Micro OfficeScan zero-day (CVE-2019-18187) in an attack on Japanese electronics firm Mitsubishi Electric.

It is unclear if the two zero-days disclosed this week are related to last year's zero-day or if they're being exploited by the same hacker group (known as Tick).

ZERO-DAY DETAILS

Per Trend Micro's security bulletin, the two zero-days are:

1. CVE-2020-8467: CVSS 9.1 (CRITICAL) - A migration tool component of Trend Micro Apex One and OfficeScan contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
2. CVE-2020-8468: CVSS 8.0 (HIGH) - Trend Micro Apex One and OfficeScan agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.

The only thing we can glean from the details above is that the zero-days required hackers to have valid credentials for a victim's workstations, which means they were most likely deployed in a post-compromise scenario after hackers had already infiltrated a company's internal network.

The two zero-days were most likely used to either disable the security products or elevate the attackers' privileges on machines running the two Trend Micro antivirus products.

THREE OTHER MAJOR ISSUES

However, despite being exploited in live attacks, the two zero-days were not the worst bugs detailed in Trend Micro's recent security bulletin.

The company also warned about the presence of three other vulnerabilities, all of which received a severity rating of 10 out of 10 on the CVSSv3 vulnerability scale.

According to this rating, these vulnerabilities can be exploited remotely over the internet, require no authentication, and allow full control over the antivirus (and inherently the underlying operating system). Per Trend Micro, the three issues that also need just as much attention as the two zero-days are:

3. CVE-2020-8470: CVSS 10 (CRITICAL) - Trend Micro Apex One and OfficeScan server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
4. CVE-2020-8598: CVSS 10 (CRITICAL) - Trend Micro Apex One and OfficeScan server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.
5. CVE-2020-8599: CVSS 10 (CRITICAL) - Trend Micro Apex One and OfficeScan server contains a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

Trend Micro credited its own researchers for discovering the two zero-days and the three other vulnerabilities.

The company began paying closer attention to bugs in its products after Chinese hackers exploited its antivirus in the Mitsubishi Electric hack last year.

These efforts culminated last month, in February 2020, when Trend Micro announced it was interested in acquiring bug reports for vulnerabilities in three of its major antivirus products (Apex One, OfficeScan, Deep Security) from independent researchers via its Zero-Day Initiative bug acquisition platform.


Source: Two Trend Micro zero-days exploited in the wild by hackers | ZDNet
 

BVLon

I gave up on Trend a couple of years or more ago; the last PC was my daughter's lappy. I had unused licences but that wasn't enough for me to use it again, just personal choice though?
I used to disregard Trend Micro, even though one of my friends works there. It was a company that I treated with disgrace (to say it politely). Lately, I started testing their product and I have to admit I love it. I am not pushed away by 0-days, as these have been found in any software. The user experience they provide is different from anyone else's, and if you go to their website, it's full of security intelligence, just like Symantec used to be before. Support is great: there is instant, very responsive support on Facebook Messenger, which compared to Norton and McAfee feels like something from another planet (I gave it a test). All in all, Trend Micro is doing far better than everyone is thinking.
They will release 2021 soon and there will be some interesting improvements :)
 

BVLon

I've used Trend Micro in the past with mixed emotions, however you can notice the improvement and strides to make their software better and that's a plus in my book (y)
They listen to your feedback as well, unlike McAfee or Norton. When I reported 3-4 issues to them, they just said they will get it all fixed in the next release. McAfee goes a long way to “dispute” those issues you’ve uncovered.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
They listen to your feedback as well, unlike McAfee or Norton. When I reported 3-4 issues to them, they just said they will get it all fixed in the next release. McAfee goes a long way to “dispute” those issues you’ve uncovered.
The app launch time with Trend Micro is slower in my experience. Even when you open the same app again and again there's a noticeable delay which I haven't experienced with other AVs. Hopefully this is an area where they would improve as well in the 2021 version.
 

SeriousHoax

Not in my experience.
I just checked AV-Comparatives' last performance test and their test proves it too. So this should be the case for most people's PCs, if not all.
 

BVLon

I just checked AV-Comparatives' last performance test and their test proves it too. So this should be the case for most people's PCs, if not all.
The AV-Test performance report did not look any better either. Still though, even a big difference in this report doesn't mean much in the real world.
 

SeriousHoax

I can record a video of how fast everything on my PC is lol... I have not migrated all my devices to TM yet, because I am still working on confirming its effectiveness... It's on a 3-month test.
I'm still sure Trend Micro is slow at app launch, but your PC is very fast so you never even notice it.
We don't have many Trend Micro users in the forum, so it would be nice to have one.
 