Bulletin Date: May 20, 2021
Platform: Microsoft Windows
Assigned CVE: CVE-2021-32460
CVSS 3.0 Score(s): 7.8AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity Rating: High
Summary
Trend Micro has released an updated installer package for the Trend Micro Maximum Security 2021 (v17) consumer product which resolves an improper access control privilege escalation vulnerability.
Affected versions
| PRODUCT | AFFECTED VERSIONS | PLATFORM | PLATFORM |
|---|---|---|---|
| Maximum Security | 2021 (v17) installer packages released before May 20, 2021 | Windows | English |
Solution
| PRODUCT | UPDATED BUILD(S) | PLATFORM | PLATFORM |
|---|---|---|---|
| Maximum Security | 2021 (v17) installer packages released May 20, 2021 and beyond | Windows | English |
Trend Micro has updated the Trend Micro Maximum Security 2021 installer with the latest fixes.
Vulnerability Details
- CVE-2021-32460: The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine.
Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Acknowledgement
Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Abdelhamid Naceri (halov) working with the Trend Micro Zero Day Initiative
- Mark Cherp
- Eran Shimony
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
References
- ZDI-CAN-12346