Release Date: April 15, 2024
CVE Vulnerability Identifier: CVE-2024-32849
Platform(s): Microsoft Windows
CVSSv3 Scores:7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Trend Micro has released an update via ActiveUpdate for the Trend Micro Security for Windows family of consumer products which resolves a Privilege Escalation Vulnerability by updating the libraries in version 17.7 or higher of the software.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Maximum Security | 17.7 | Microsoft Windows | English |
Solution
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| Trend Micro Maximum Security | Version 17.7 or higher | Microsoft Windows | English |
Vulnerability Details
Trend Micro Security 17.7 (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Mitigating Factors
It is recommended to install the latest version and download the most recent AU.
Acknowledgement
Trend Micro would like to thank Nicholas Zubrisky and Michael DePlante (@izobashi) working with Trend Micro’s Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
External Reference
- ZDI-CAN-22269