Release Date: July 06, 2024
Trend Micro Vulnerability Identifier: CVE-2024-41183
Platform(s):Windows 10 22H2 version or higher
Summary
Trend Micro has released a new version of Trend Micro VPN. This update addresses a vulnerability that previously allowed local privilege escalation under special circumstances due to vulnerable logging functionality exposed to standard users.
Affected version(s)
PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
---|---|---|---|
Trend Micro VPN | 5.8.1012 and below | Windows 10 22H2 | English |
Solution
PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
---|---|---|---|
Trend Micro VPN | 5.8.1030 | Windows | English |
Vulnerability Details
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Trend Micro would like to thank Hashim Jawad (@ihack4falafel) working with Trend Micro’s Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
External Reference
- ZDI-CAN-22716
- ZDI-CAN-22717