
Trend Micro has found and fixed several critical vulnerabilities in its products, two of which it warned are being exploited in the wild.

The security giant released patches for Apex One and OfficeScan XG on Windows, urging customers to upgrade to the latest versions “as soon as possible.”

CVE-2020-8467 is a critical zero-day vulnerability in the migration tool component of Trend Micro Apex One and OfficeScan. It could allow remote attackers to execute arbitrary code on affected machines.

CVE-2020-8468 is rated CVSS 8.0 (high) and is described as a “content validation escape vulnerability which could allow an attacker to manipulate certain agent client components” in the OfficeScan and Apex One agents.

Exploiting either of these zero-days requires user authentication first.

The remaining three vulnerabilities are all rated critical. CVE-2020-8470 is a bug in the Apex One and OfficeScan server, or more specifically, a vulnerable service DLL file that could allow an attacker to delete any file on the server with system-level privileges.

CVE-2020-8598 also stems from a vulnerable service DLL file, but this time one which could allow a remote attacker to execute arbitrary code on affected installations with system-level privileges.

CVE-2020-8599 relates to a vulnerable exe file on the Apex One/OfficeScan server which could allow a remote attacker “to write arbitrary data to an arbitrary path on affected installations and bypass root login.”

All three can be exploited without authentication.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. Customers are encouraged to review and ensure the product servers and management consoles are restricted to trusted networks and/or users as appropriate,” the security update noted.

“In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.”

Trend Micro Research discovered the vulnerabilities in question.

Such discoveries are not uncommon in an industry more focused than most on ensuring products are bug-free. A few years back, flaws were found in offerings from 11 separate security vendors.
