Release Date: December 30, 2022
CVE Vulnerability Identifier: CVE-2022-48191
Platform(s): Microsoft Windows
Trend Micro has released an update via ActiveUpdate for Trend Micro Maximum Security 2022 which resolves a security time-of-check time-of-use local privilege escalation vulnerability.
|Trend Micro Maximum Security||2022 (v17.7)||Microsoft Windows||English|
Trend Micro has released an update via ActiveUpdate that resolves the issue:
|Trend Micro Maximum Security||17.7.1634||Microsoft Windows||English|
This ActiveUpdate resolves a vulnerability in the product wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
None identified. Customers are advised to ensure they always have the latest version of the program.
Trend Micro would like to thank Simon Zuckerbraun for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.