At the beginning of this week, Trend Micro developers promptly fixed two zero-day vulnerabilities that were already under attack, as well as three more critical bugs in the company's products that hackers had not yet gotten to.
The company has not yet disclosed details of the recorded attacks. All that is known is that the vulnerabilities exploited by the attackers affect the corporate security products Apex One and OfficeScan XG.
The first zero-day vulnerability, CVE-2020-8467 (9.1 on the CVSS scale), lies in tool components of Trend Micro Apex One and OfficeScan and allows remote attackers to execute arbitrary code. However, the attack requires that the user be authenticated.
The second vulnerability under attack is CVE-2020-8468 (8.0 on the CVSS scale), which also affects Trend Micro Apex One and OfficeScan. It allows content validation to be bypassed, which in turn lets an attacker manipulate some components of the client agent. This attack also requires that the user be authenticated.
Judging by these descriptions, both flaws were used either to disable the security products or to escalate the privileges of attackers who had gotten into the system some other way.
In addition to these two vulnerabilities, the company also announced fixes for three equally dangerous bugs (CVE-2020-8470, CVE-2020-8598, and CVE-2020-8599), each of which scored 10 out of a possible 10 on the CVSSv3 vulnerability rating scale. That is, all of them can be exploited remotely over the Internet, require no authentication and, as a result, give the attacker full control over the antivirus.