Bulletin Date: December 31, 2020
Platform: Microsoft Windows
CVSSv3 Scores: 6.6 (Medium)
Summary
Trend Micro has released a hotfix for the Trend Micro Security 2021 family of consumer products which resolves a local privilege escalation vulnerability.
Affected versions
| PRODUCT | AFFECTED VERSIONS | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Premium Security | 2021 (v17) | Microsoft Windows | English |
| Maximum Security | 2021 (v17) | Microsoft Windows | English |
| Internet Security | 2021 (v17) | Microsoft Windows | English |
| Antivirus+ Security | 2021 (v17) | Microsoft Windows | English |
Solution
| PRODUCT | AFFECTED VERSIONS | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| All Versions Above | 2021 (v17) Hotfix 1001 | Microsoft Windows | English |
Trend Micro has released a hotfix available here, that resolves the issue.
Vulnerability Details
The Trend Micro Security 2021 family of consumer products is vulnerable to a local privilege vulnerability related to the Clean Privacy Feature of the product which could allow an attacker to delete arbitrary files.
Please note that an attacker must already have user privileges on the machine to exploit this vulnerability.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro acknowledges the following individual for discovering this issue:
- Abdelhamid Naceri (halov)
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.