Two Trend Micro zero-days exploited in the wild by hackers
<blockquote data-quote="Antus67" data-source="post: 866409" data-attributes="member: 83595"><p>Patches for both zero-days were released on Monday, along with fixes for three other similarly critical vulnerabilities. </p><p></p><p>Hackers tried to exploit two zero-days in Trend Micro antivirus products, the company said in a security alert this week.</p><p></p><p>The Japanese antivirus maker has released patches on Monday to address the two zero-days, along with three other similarly critical issues (although not exploited in the wild).</p><p></p><p>According to the alert, the two zero-days impact the company's <a href="https://www.trendmicro.com/en_us/business/products/user-protection/sps/endpoint.html" target="_blank">Apex One</a> and <a href="https://www.trendmicro.com/en_us/business/products/user-protection/sps/endpoint.html" target="_blank">OfficeScan XG</a> enterprise security products.</p><p></p><p>Trend Micro did not release any details about the attacks.</p><p></p><p>These two zero-days mark the second and third Trend Micro antivirus bugs exploited in the wild in the last year.</p><p></p><p>In the summer of 2019, Chinese state-sponsored hackers used a Trend Micro OfficeScan zero-day (<a href="https://success.trendmicro.com/solution/000151730" target="_blank">CVE-2019-18187</a>) in an <a href="https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/" target="_blank">attack on Japanese electronics firm Mitsubishi Electric</a>.</p><p></p><p>It is unclear if the two zero-days disclosed this week are related to last year's zero-day or if they're being exploited by the same hacker group (known as Tick).</p><p></p><p><span style="font-size: 18px"><strong>ZERO-DAY DETAILS</strong></span></p><p></p><p>Per <a href="https://success.trendmicro.com/solution/000245571" target="_blank">Trend Micro's security bulletin</a>, the two zero-days are:</p><p></p><p>1. <strong>CVE-2020-8467</strong>: <em>CVSS 9.1 (CRITICAL)</em> - A migration tool component of Trend Micro Apex One and OfficeScan contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.</p><p>2. <strong>CVE-2020-8468</strong>: <em>CVSS 8.0 (HIGH)</em> - Trend Micro Apex One and OfficeScan agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.</p><p></p><p>The only thing we can glean from the details above is that the zero-days required hackers to have valid credentials for a victim's workstations, which means they were most likely deployed in a post-compromise scenario after hackers had already infiltrated a company's internal network.</p><p></p><p>The two zero-days were most likely used to either disable the security products or elevate the attackers' privileges on machines running the two Trend Micro antivirus products.</p><p></p><p><span style="font-size: 18px"><strong>THREE OTHER MAJOR ISSUES</strong></span></p><p>However, despite being exploited in live attacks, the two zero-days were not the worst bugs detailed in Trend Micro's recent security bulletin.</p><p></p><p>The company also warned about the presence of three other vulnerabilities, all of which received a severity rating of 10 out of 10 on the CVSSv3 vulnerability scale.</p><p></p><p>According to this rating, these vulnerabilities can be exploited remotely over the internet, require no authentication, and allow full control over the antivirus (and inherently the underlying operating system). Per Trend Micro, the three issues that also need just as much attention as the two zero-days are:</p><p></p><p>3. <strong>CVE-2020-8470</strong>: <em>CVSS 10 (CRITICAL)</em> - Trend Micro Apex One and OfficeScan server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.</p><p>4. <strong>CVE-2020-8598</strong>: <em>CVSS 10 (CRITICAL)</em> - Trend Micro Apex One and OfficeScan server contains a vulnerable service DLL file that could allow a remote attacker to execute arbitrary code on affected installations with SYSTEM level privileges. Authentication is not required to exploit this vulnerability.</p><p>5. <strong>CVE-2020-8599</strong>: <em>CVSS 10 (CRITICAL)</em> - Trend Micro Apex One and OfficeScan server contains a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.</p><p></p><p>Trend Micro credited its own researchers for discovering the two zero-days and the three other vulnerabilities.</p><p></p><p>The company began paying closer attention to bugs in its products after Chinese hackers exploited its antivirus in the Mitsubishi Electric hack last year.</p><p></p><p>These efforts culminated last month, <a href="https://www.thezdi.com/blog/2020/2/9/announcing-a-targeted-incentive-program-for-selected-trend-micro-products" target="_blank">in February 2020</a>, when Trend Micro announced it was interested in acquiring bug reports for vulnerabilities in three of its major antivirus products (Apex One, OfficeScan, Deep Security) from independent researchers via its Zero-Day Initiative bug acquisition platform.</p><p></p><p></p><p>Source: <a href="https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/#ftag=RSSbaffb68" target="_blank">Two Trend Micro zero-days exploited in the wild by hackers | ZDNet</a></p></blockquote><p></p>