Bulletin Date: February 9, 2021
Platform: Microsoft Windows
Assigned CVE: CVE-2021-25251
CVSS 3.0 Score(s): 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity Rating: High
Summary
Trend Micro has released an update to the Trend Micro Security 2020 and 2021 families of consumer products which resolve a code injection vulnerability.
Affected versions
| PRODUCT | AFFECTED VERSIONS | PLATFORM | PLATFORM |
|---|---|---|---|
| Premium Security | 2020 (v16) and 2021 (v17) | Windows | English |
| Maximum Security | 2020 (v16) and 2021 (v17) | Windows | English |
| Internet Security | 2020 (v16) and 2021 (v17) | Windows | English |
| Antivirus+ | 2020 (v16) and 2021 (v17) | Windows | English |
Solution
| PRODUCT | UPDATED BUILD(S) | PLATFORM | PLATFORM |
|---|---|---|---|
| All Trend Micro Security versions above | 2020 (v16) and 2021 (v17) | Windows | English |
Trend Micro has released an update via the product’s ActiveUpdate automatic update mechanism to resolve this issue. Your Trend Micro Security program should receive the update automatically as long as your computer is connected to the Internet.
The latest versions of Trend Micro Security (Consumer) can be found here.
Vulnerability Details
- CVE-2021-25251: The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program’s password protection and disable protection.
Please note that an attacker must already have administrator privileges on the machine to exploit this vulnerability.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.