Bulletin Date: August 29, 2021
CVE Vulnerability Identifier: CVE-2021-36744
Platform: Microsoft Windows
CVSSv3 Score: 6.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Severity Rating: Medium
Summary
Trend Micro has released hotfixes for the Trend Micro Security 2021 and 2020 family of consumer products which resolves a Directory Junction Denial-Of-Service vulnerability.
Affected versions
| PRODUCT | AFFECTED VERSIONS | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Security for Best Buy | 2021 (v17.2) | Windows | English |
| Trend Micro Security | 2021 (v17) | Windows | English |
| Trend Micro Security | 2020 (v16) | Windows | English |
| Trend Micro Security | 2019 (v15) | Windows | English |
Solution
Trend Micro has released a hotfix available for each version below that resolves the issue:
| PRODUCT | HOTFIX | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Security for Best Buy | 2021 (v17.2) (download here) |
Windows | English |
| Trend Micro Security | 2021 (v17) (download here) |
Windows | English |
| Trend Micro Security | 2020 (v16) (download here) |
Windows | English |
| Trend Micro Security | 2019 (v15) (download here) |
Windows | English |
Vulnerability Details
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Abdelhamid Naceri working with Trend Micro’s Zero Day Initiative
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
Reference
- ZDI-CAN-13371