CVE-2018-6236

Name of the Vulnerable Software and Affected Versions Trend Micro Maximum Security (Consumer) version 2018

Description A Time-of-Check Time-of-Use privilege escalation issue exists due to a flaw in the processing of IOCTL 0x222813 by the tmusa driver. This could allow a local attacker to escalate privileges on vulnerable installations, but the attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Trend Micro Maximum Security (Consumer) version 2018, consider restricting access to the tmusa driver to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the vulnerable tmusa driver functionality may help mitigate the issue.