Trend Micro zero-days abused by hackers


Hackers have attempted to exploit two zero-day vulnerabilities in Trend Micro solutions. The company reported this earlier this week in a statement.

The Japanese security firm released patches on Monday to address the two vulnerabilities. The patch also resolved three other issues that were basically just as problematic. The difference from the first two, however, is that these three have not yet been actively exploited by hackers.

According to Trend Micro’s warning, the two zero-days affect the Apex One and OfficeScan XG enterprise security products. Trend Micro has not released any further details about the attacks, but it has released details about the vulnerabilities themselves.

The details

The first zero-day vulnerability is tracked as CVE-2020-8467 and resides in a migration tool component of Trend Micro Apex One and OfficeScan. The vulnerability in that component allows hackers to execute code remotely. However, user authentication is required for an attack attempt.

The second vulnerability is CVE-2020-8468 and concerns the agents of Trend Micro Apex One and OfficeScan. These agents contain a content validation issue, which allows an attacker to manipulate certain components of the agent client. Again, an attack attempt requires user authentication.

In the summer of 2019, Chinese nation-state hackers already abused a Trend Micro OfficeScan zero-day (CVE-2019-18187) in an attack on the Japanese electronics company Mitsubishi Electric. It is not clear if there is a connection between the two zero-days announced this week and the attack on Mitsubishi Electric. Also, nothing is yet known about which group of hackers is involved in this case.