CVE-2022-26319

Name of the Vulnerable Software and Affected Versions Trend Micro Portable Security versions 2.0 through 3.0 Pro

Description An installer search patch element vulnerability could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. The attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this issue.

Recommendations For Trend Micro Portable Security versions 2.0 through 3.0 Pro, consider restricting access to the installer folder to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable installer search patch element functionality until the issue is resolved.