Trend Micro released several patches last year to address known vulnerabilities. Since that time, an attempt to leverage one of these vulnerabilities was observed on a single unpatched customer system.
This is not a zero-day exploit since the attempt occurred long after the patch was released, and although the commonly used phrase “in the wild” can suggest a widespread issue, it has not been observed beyond the single affected customer.
In August 2020, Trend Micro released patches for Trend Micro Apex One, Apex One as a Service (SaaS), and OfficeScan XG SP1.
We were recently made aware of a single instance in which an exploit leveraging CVE-2020-24557 was used against a customer that had not applied the available patch. We worked with that customer for incident response handling to address the problem.
The patches released in August stemmed from vulnerabilities disclosed to the Trend Micro Zero Day Initiative (ZDI). These patches resolve multiple vulnerabilities related to hard link privilege escalation, out-of-bounds read information disclosure and improper access control.
This customer support article from August provides more technical details and information on the minimum recommended versions of the patches and/or builds required to address the issue.
We highly encourage customers to obtain the latest version of the product if a newer one is available than the one listed in this bulletin. Because these patches were released last August and other updates have been made since then, updating to the latest version is the recommended best practice.
Timely patch management is a critical process, and prioritizing updates to security software is paramount in our ability to ensure the protection of our customers.
SaaS customers have been automatically protected since August, as has any customer who has applied the patches.