Views:

Bulletin Date: May 20, 2021

Platform: Microsoft Windows

Assigned CVE: CVE-2021-32460

CVSS 3.0 Score(s): 7.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity Rating: High

Summary

Trend Micro has released an updated installer package for the Trend Micro Maximum Security 2021 (v17) consumer product which resolves an improper access control privilege escalation vulnerability.

Affected versions

PRODUCT AFFECTED VERSIONS PLATFORM PLATFORM
Maximum Security 2021 (v17) installer packages released before May 20, 2021 Windows English

Solution

PRODUCT UPDATED BUILD(S) PLATFORM PLATFORM
Maximum Security 2021 (v17) installer packages released May 20, 2021 and beyond Windows English


Trend Micro has updated the Trend Micro Maximum Security 2021 installer with the latest fixes.

Vulnerability Details

  • CVE-2021-32460: The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine.

Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

References

  • ZDI-CAN-12346