CVE-2020-24557

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One versions prior to 1909 (OS Build 18363.719) Trend Micro Worry-Free Business Security 10.0 SP1 Trend Micro OfficeScan (affected versions not specified)

Description A vulnerability in Trend Micro products may allow an attacker to manipulate a particular product folder, temporarily disabling security and potentially leading to privilege escalation through the abuse of a specific Windows function. The attacker must first obtain the ability to execute low-privileged code on the target system. The issue is related to insufficient access control to the "Misc" folder.

Recommendations For Trend Micro Apex One versions prior to 1909 (OS Build 18363.719), update to version 1909 (OS Build 18363.719) or later to resolve the issue. For Trend Micro Worry-Free Business Security 10.0 SP1, consider restricting access to the "Misc" folder as a temporary workaround until a patch is available. For Trend Micro OfficeScan, at the moment, there is no information about a newer version that contains a fix for this vulnerability.