Release Date: December 30, 2022
CVE Vulnerability Identifier: CVE-2022-48191
Platform(s): Microsoft Windows
Summary
Trend Micro has released an update via ActiveUpdate for Trend Micro Maximum Security 2022 which resolves a security time-of-check time-of-use local privilege escalation vulnerability.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Maximum Security | 2022 (v17.7) | Microsoft Windows | English |
Solution
Trend Micro has released an update via ActiveUpdate that resolves the issue:
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Maximum Security | 17.7.1634 | Microsoft Windows | English |
Vulnerability Details
This ActiveUpdate resolves a vulnerability in the product wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Simon Zuckerbraun for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Support for further assistance.
External Reference
- ZDI-CAN-18291
