JPCERT-AT-2020-0012 JPCERT/CC 2020-03-16(Initial) 2020-03-18(Update) <<< JPCERT/CC Alert 2020-03-16 >>> Alert Regarding Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition https://www.jpcert.or.jp/english/at/2020/at200012.html I. Overview On March 16, 2020, Trend Micro has released the information regarding vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Trend Micro products such as Apex One and Virus Buster Corporate Edition. According to Trend Micro, these vulnerabilities are already exploited in the wild. Trend Micro Incorporated Request to Apply the Latest Patch Regarding Attack Exploiting Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition (Japanese) https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3722 If these vulnerabilities (CVE-2020-8467, CVE-2020-8468) are exploited, an attacker may execute arbitrary code or alter components on the Apex One agent or Virus Buster Corporate Edition client. Trend Micro Incorporated Regarding Multiple High Severity Vulnerability confirmed in Apex One and Virus Buster Corporate Edition (Japanese) https://success.trendmicro.com/jp/solution/000244253 Since the vulnerabilities are already being exploited in the wild, if you are using the affected products, it is recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro. II. Affected Products Affected products and versions are as follows: - Trend Micro Apex One prior to 2019 Critical Patch (Build 2117) - Virus Buster Corporate Edition prior to XG SP1 Critical Patch (Build 5474) ** Update: March 18, 2020 Update ************************************* Please also refer to the additional information about products and versions affected by these vulnerabilities as product name may differ in Japan and other countries. Trend Micro Incorporated SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan https://success.trendmicro.com/solution/000245571 JVNVU#91632701 Multiple vulnerabilities in Trend Micro Apex One and OfficeScan https://jvn.jp/en/vu/JVNVU91632701 ********************************************************************** III. Solution Trend Micro has released a patch that addresses these vulnerabilities. It is recommended to apply the patch as soon as possible. - Trend Micro Apex One 2019 Critical Patch (Build 2117) - Virus Buster Corporate Edition XG SP1 Critical Patch (Build 5474) IV. References Trend Micro Incorporated Request to Apply the Latest Patch Regarding Attack Exploiting Vulnerabilities (CVE-2020-8467, CVE-2020-8468) in Apex One and Virus Buster Corporate Edition (Japanese) https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=3722 Trend Micro Incorporated Regarding Multiple High Severity Vulnerabilities confirmed in Apex One and Virus Buster Corporate Edition (Japanese) https://success.trendmicro.com/jp/solution/000244253 ** Update: March 18, 2020 Update ************************************* JVNVU#91632701 Regarding Multiple Vulnerabilities in Trend Micro Apex One and Virus Buster Corporate Edition (Japanese) https://jvn.jp/vu/JVNVU91632701 Trend Micro Incorporated SECURITY BULLETIN: Multiple Critical Vulnerabilities in Trend Micro Apex One and OfficeScan https://success.trendmicro.com/solution/000245571 JVNVU#91632701 Multiple vulnerabilities in Trend Micro Apex One and OfficeScan https://jvn.jp/en/vu/JVNVU91632701 ********************************************************************** If you have any information regarding this alert, please contact JPCERT/CC. ________ Revision History 2020-03-16 First edition 2020-03-18 Updated "II. Affected Products" and "IV. References" ====================================================================== JPCERT Coordination Center (Early Warning Group) TEL: +81-3-6811-0610 MAIL: ew-info@jpcert.or.jp https://www.jpcert.or.jp/english/