PT-2020-6112 · Microsoft+1 · Windows+4
Kharosx0 · Published 2020-03-16 · Updated 2022-04-28 · CVE-2020-24556
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trend Micro Apex One (affected versions not specified)
Trend Micro OfficeScan XG SP1 (affected versions not specified)
Trend Micro Worry-Free Business Security 10 SP1 (affected versions not specified)
Trend Micro Worry-Free Business Security Services (affected versions not specified)
Microsoft Windows (versions prior to 1909, OS Build 18363.719)
Description
A vulnerability in the mentioned Trend Micro products on Microsoft Windows may allow an attacker to create a hard link to any file on the system, potentially leading to privilege escalation and code execution. The attacker must first obtain the ability to execute low-privileged code on the target system. The issue is related to insufficient access control in the Security Agent component of the affected Trend Micro products.
Recommendations
For Trend Micro Apex One, consider restricting access to sensitive files and directories until a patch is available.
For Trend Micro OfficeScan XG SP1, temporarily disable any features that may allow the creation of hard links to system files.
For Trend Micro Worry-Free Business Security 10 SP1, avoid using the Security Agent component until the issue is resolved.
For Trend Micro Worry-Free Business Security Services, restrict access to the vulnerable component to minimize the risk of exploitation.
For Microsoft Windows versions prior to 1909 (OS Build 18363.719), update to version 1909 or later to mitigate the risk of hard link exploitation.
Fix
Link Following
Improper Privilege Management
Related Identifiers
Affected Products
Trend Micro Apex One
Trend Micro OfficeScan XG SP1
Trend Micro Worry-Free Business Security 10 SP1
Trend Micro Worry-Free Business Security Services
Windows