Bulletin Date: August 29, 2021
CVE Vulnerability Identifier: CVE-2021-36744
Platform: Microsoft Windows
CVSSv3 Score: 6.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Severity Rating: Medium
Trend Micro has released hotfixes for the Trend Micro Security 2021 and 2020 family of consumer products which resolves a Directory Junction Denial-Of-Service vulnerability.
|Trend Micro Security for Best Buy||2021 (v17.2)||Windows||English|
|Trend Micro Security||2021 (v17)||Windows||English|
|Trend Micro Security||2020 (v16)||Windows||English|
|Trend Micro Security||2019 (v15)||Windows||English|
Trend Micro has released a hotfix available for each version below that resolves the issue:
|Trend Micro Security for Best Buy||2021 (v17.2)
|Trend Micro Security||2021 (v17)
|Trend Micro Security||2020 (v16)
|Trend Micro Security||2019 (v15)
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.
Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.
Trend Micro would like to thank the following individual for responsibly disclosing the issue and working with Trend Micro to help protect our customers:
- Abdelhamid Naceri working with Trend Micro’s Zero Day Initiative
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.