JPCERT-AT-2020-0012
JPCERT/CC
2020-03-16(Initial)
2020-03-18(Update)
Trend Micro Incorporated
Request to Apply the Latest Patch Regarding Attack Exploiting Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3722
If these vulnerabilities (CVE-2020-8467, CVE-2020-8468) are exploited,an attacker may execute arbitrary code or alter components on the Apex One agent or Virus Buster Corporate Edition client.
Trend Micro Incorporated
Regarding Multiple High Severity Vulnerability confirmed in Apex One and Virus Buster Corporate Edition (Japanese)
https://success.trendmicro.com/jp/solution/000244253
Since the vulnerabilities are already being exploited in the wild, if you are using the affected products, it is recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro.
- Trend Micro Apex One prior to 2019 Critical Patch (Build 2117)
- Virus Buster Corporate Edition prior to XG SP1 Critical Patch (Build 5474)
- Trend Micro Apex One 2019 Critical Patch (Build 2117)
- Virus Buster Corporate Edition XG SP1 Critical Patch (Build 5474)
Trend Micro Incorporated
Request to Apply the Latest Patch Regarding Attack Exploiting Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3722
Trend Micro Incorporated
Regarding Multiple High Severity Vulnerabilities confirmed in Apex One and Virus Buster Corporate Edition (Japanese)
https://success.trendmicro.com/jp/solution/000244253
If you have any information regarding this alert, please contact JPCERT/CC.
2020-03-18 Updated "II. Affected Products" and "IV. References"
JPCERT Coordination Center (Early Warning Group)
TEL: +81-3-6811-0610 MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2020-03-16(Initial)
2020-03-18(Update)
I. Overview
On March 16, 2020, Trend Micro has released the information regarding vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Trend Micro products such as Apex One and Virus Buster Corporate Edition. According to Trend Micro, these vulnerabilities are already exploited in the wild.Trend Micro Incorporated
Request to Apply the Latest Patch Regarding Attack Exploiting Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3722
If these vulnerabilities (CVE-2020-8467, CVE-2020-8468) are exploited,an attacker may execute arbitrary code or alter components on the Apex One agent or Virus Buster Corporate Edition client.
Trend Micro Incorporated
Regarding Multiple High Severity Vulnerability confirmed in Apex One and Virus Buster Corporate Edition (Japanese)
https://success.trendmicro.com/jp/solution/000244253
Since the vulnerabilities are already being exploited in the wild, if you are using the affected products, it is recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro.
II. Affected Products
Affected products and versions are as follows:- Trend Micro Apex One prior to 2019 Critical Patch (Build 2117)
- Virus Buster Corporate Edition prior to XG SP1 Critical Patch (Build 5474)
Update: March 18, 2020 Update
Please also refer to the additional information about products and versions affected by these vulnerabilities as product name may differ in Japan and other countries.
Trend Micro Incorporated
SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan
https://success.trendmicro.com/solution/000245571
JVNVU#91632701
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
https://jvn.jp/en/vu/JVNVU91632701
Trend Micro Incorporated
SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan
https://success.trendmicro.com/solution/000245571
JVNVU#91632701
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
https://jvn.jp/en/vu/JVNVU91632701
III. Solution
Trend Micro has released a patch that addresses these vulnerabilities.It is recommended to apply the patch as soon as possible.- Trend Micro Apex One 2019 Critical Patch (Build 2117)
- Virus Buster Corporate Edition XG SP1 Critical Patch (Build 5474)
IV. References
Trend Micro Incorporated
Request to Apply the Latest Patch Regarding Attack Exploiting Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition (Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3722
Trend Micro Incorporated
Regarding Multiple High Severity Vulnerabilities confirmed in Apex One and Virus Buster Corporate Edition (Japanese)
https://success.trendmicro.com/jp/solution/000244253
Update: March 18, 2020 Update
JVNVU#91632701
Regarding Multiple Vulnerabilities in Trend Micro Apex One and Virus Buster Corporate Edition (Japanese)
https://jvn.jp/vu/JVNVU91632701
Trend Micro Incorporated
SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan
https://success.trendmicro.com/solution/000245571
JVNVU#91632701
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
https://jvn.jp/en/vu/JVNVU91632701
Regarding Multiple Vulnerabilities in Trend Micro Apex One and Virus Buster Corporate Edition (Japanese)
https://jvn.jp/vu/JVNVU91632701
Trend Micro Incorporated
SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan
https://success.trendmicro.com/solution/000245571
JVNVU#91632701
Multiple vulnerabilities in Trend Micro Apex One and OfficeScan
https://jvn.jp/en/vu/JVNVU91632701
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2020-03-16 First edition2020-03-18 Updated "II. Affected Products" and "IV. References"
JPCERT Coordination Center (Early Warning Group)
TEL: +81-3-6811-0610 MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/