Views:

Bulletin Date: September 25, 2020

Platform: Microsoft Windows

Assigned CVE: CVE-2020-25775

CVSSv3 Score: 5.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H))

Severity Rating: Medium


Summary

The Trend Micro Security 2020 consumer family of products has released an update via ActiveUpdate to address a race condition arbitrary file deletion vulnerability.

Affected versions

Product Affected Versions Platform Language(s)
Premium Security 2020 (v16 and below) Windows English
Maximum Security 2020 (v16 and below) Windows English
Internet Security 2020 (v16 and below) Windows English
Antivirus+ 2020 (v16 and below) Windows English

Solution

Product Updated Build(s) Platform Language(s)
All Trend Micro Security versions at or above 2020 (v16) via ActiveUpdate and 2021 (v17) Windows English


Trend Micro has addressed this vulnerability via a patch that is available now through the product’s automatic Active Update feature for all versions of Trend Micro Security listed above. Customers who are up-to-date and have at least Trend Micro Security 2020 (v16) will already have the necessary patch applied. Customers who are concerned about this issue and have 2019 (v15) and below are recommended to upgrade to either 2020 (v16) or 2021 (v17).

The latest version of Trend Micro Security 2021 (v17) can be found here.

Vulnerability Details

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers: 

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Technical Reference

  • ZDI-CAN-10819
Add a comment
Home Support

Security Bulletin: Trend Micro Security 2020 (Consumer) Security Race Condition Arbitrary File Deletion Vulnerability

Bulletin Date: September 25, 2020

Platform: Microsoft Windows

Assigned CVE: CVE-2020-25775

CVSSv3 Score: 5.3 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H))

Severity Rating: Medium


Summary

The Trend Micro Security 2020 consumer family of products has released an update via ActiveUpdate to address a race condition arbitrary file deletion vulnerability.

Affected versions

Product Affected Versions Platform Language(s)
Premium Security 2020 (v16 and below) Windows English
Maximum Security 2020 (v16 and below) Windows English
Internet Security 2020 (v16 and below) Windows English
Antivirus+ 2020 (v16 and below) Windows English

Solution

Product Updated Build(s) Platform Language(s)
All Trend Micro Security versions at or above 2020 (v16) via ActiveUpdate and 2021 (v17) Windows English


Trend Micro has addressed this vulnerability via a patch that is available now through the product’s automatic Active Update feature for all versions of Trend Micro Security listed above. Customers who are up-to-date and have at least Trend Micro Security 2020 (v16) will already have the necessary patch applied. Customers who are concerned about this issue and have 2019 (v15) and below are recommended to upgrade to either 2020 (v16) or 2021 (v17).

The latest version of Trend Micro Security 2021 (v17) can be found here.

Vulnerability Details

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers: 

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

Technical Reference

  • ZDI-CAN-10819

Rate this article.

  • Rate this article.
  • It was not helpful.
  • Just okay.
  • It was helpful.
  • It was very helpful.