Views:

Release Date: December 30, 2022

CVE Vulnerability Identifier: CVE-2022-48191

Platform(s): Microsoft Windows

Summary

Trend Micro has released an update via ActiveUpdate for Trend Micro Maximum Security 2022 which resolves a security time-of-check time-of-use local privilege escalation vulnerability.

Affected version(s)

PRODUCT AFFECTED VERSION(S) PLATFORM LANGUAGE(S)
Trend Micro Maximum Security 2022 (v17.7) Microsoft Windows English

Solution

Trend Micro has released an update via ActiveUpdate that resolves the issue:

PRODUCT AFFECTED VERSION(S) PLATFORM LANGUAGE(S)
Trend Micro Maximum Security 17.7.1634 Microsoft Windows English

Vulnerability Details

This ActiveUpdate resolves a vulnerability in the product wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.

Mitigating Factors

None identified. Customers are advised to ensure they always have the latest version of the program.

Acknowledgement

Trend Micro would like to thank Simon Zuckerbraun for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Support for further assistance.

External Reference

  • ZDI-CAN-18291
Add a comment