vulnerability

Trend Micro OfficeScan: CVE-2020-24557: Improper Access Control

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Sep 1, 2020	Mar 21, 2025	Mar 24, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Sep 1, 2020

Added

Mar 21, 2025

Modified

Mar 24, 2025

Description

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.

Solution

trend-micro-officescan-upgrade-latest

References

CVE-2020-24557
https://attackerkb.com/topics/CVE-2020-24557
URL-https://success.trendmicro.com/en-US/solution/KA-0010821
URL-https://www.zerodayinitiative.com/advisories/ZDI-20-1094/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today