Maximum Security 2022
Monthly
Trend Micro Security 17.8 for consumer platforms contains a local privilege escalation vulnerability via improper symlink handling (CWE-64: Improper Link Resolution Before File Access) that allows a local attacker with limited privileges to delete or modify critical Trend Micro system files without user interaction. The vulnerability affects Trend Micro Security 17.8 specifically and carries a CVSS 3.1 score of 7.8 (High) with local attack vector; KEV status, EPSS score, and active exploitation data are not provided in available sources, limiting real-world risk quantification.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits improper link following (symlink/junction attack) to allow a low-privileged local attacker to delete privileged Trend Micro system files without user interaction. This vulnerability carries a CVSS 7.8 high severity rating due to high impact on confidentiality, integrity, and availability; however, real-world exploitability depends on KEV status, EPSS probability data, and proof-of-concept availability, which are not provided in the available intelligence.
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Trend Micro Security 17.8 for consumer platforms contains a local privilege escalation vulnerability via improper symlink handling (CWE-64: Improper Link Resolution Before File Access) that allows a local attacker with limited privileges to delete or modify critical Trend Micro system files without user interaction. The vulnerability affects Trend Micro Security 17.8 specifically and carries a CVSS 3.1 score of 7.8 (High) with local attack vector; KEV status, EPSS score, and active exploitation data are not provided in available sources, limiting real-world risk quantification.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits insecure link following to allow a low-privileged local attacker to delete privileged Trend Micro files, potentially compromising the security product's integrity. With a CVSS score of 7.8 and low attack complexity (AC:L), this vulnerability poses a significant risk to consumer systems where privilege escalation could disable or corrupt critical security components. No active exploitation (KEV status) or public POC has been reported at this time, but the low barrier to exploitation (local access with low privileges required) warrants prompt patching.
Local privilege escalation vulnerability in Trend Micro Security 17.8 (Consumer) that exploits improper link following (symlink/junction attack) to allow a low-privileged local attacker to delete privileged Trend Micro system files without user interaction. This vulnerability carries a CVSS 7.8 high severity rating due to high impact on confidentiality, integrity, and availability; however, real-world exploitability depends on KEV status, EPSS probability data, and proof-of-concept availability, which are not provided in the available intelligence.
Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.