Affected Version(s)

Product: OfficeScan
Affected Version: 11.0 SP1 (Build 4885 and below)
Platform: Windows
Language: English

Not Affected Version(s)

Product: OfficeScan
Not Affected Version: 10.6 (Reaching End-of-Support on June 30, 2016)
Platform: Windows
Language(s): English

Solution

Trend Micro has categorized this update with the following impact level and different options to address the issue:

Product: OfficeScan
Updated Version: 11.0 SP1 Critical Patch 6054
Platform: Windows
Impact Level: Low
Availability: May 30, 2016

The critical patch mentioned above is actually a combination of the solution for this vulnerability and some updated features and functionality to help OfficeScan users protect against ransomware. It also supersedes the standalone Hot Fix Build 4889 that was previously available in this article.

Vulnerability Details

This update resolves a vulnerability in Trend Micro OfficeScan 11.0 SP1 in which an attacker who has already compromised the security environment of the local OfficeScan server may be able to manipulate certain variables to obtain access to other files and directories outside of the core OfficeScan web root folder.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
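
The class of issue described above is a server-side path check that can be steered out of the web root by a client-controlled variable. The following is an added illustration, not OfficeScan code and not the vendor's fix: a hypothetical `resolve_under_root` guard that canonicalises the requested path (collapsing `..`, following symlinks, accepting Windows-style separators) and only serves the file if the real location is still inside the web root, probed against a constructed directory tree.

```python
import os
import tempfile
from typing import Dict, Optional


def resolve_under_root(web_root: str, requested: str) -> Optional[str]:
    """Canonicalise `requested` relative to `web_root`; return the real path if it
    stays inside the root, or None if it escapes (.., absolute path, symlink)."""
    root = os.path.realpath(web_root)
    # Treat backslashes as separators too: the affected server runs on Windows,
    # and a check that only understands "/" would miss "..\" sequences.
    requested = requested.replace("\\", "/")
    # A path-selecting variable must be relative; an absolute value names an
    # arbitrary location and is never legitimate here.
    if os.path.isabs(requested):
        return None
    # realpath collapses ".." and follows symlinks, so containment is decided on
    # where the file really is, not on how the string looks.
    candidate = os.path.realpath(os.path.join(root, requested))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


def demo() -> Dict[str, bool]:
    """Build a constructed web root in a temp dir (hypothetical layout, not
    OfficeScan's) and probe it; returns {case label: allowed?}."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "webroot")
    os.makedirs(os.path.join(root, "html"))
    with open(os.path.join(root, "html", "index.html"), "w") as f:
        f.write("<html></html>")
    with open(os.path.join(base, "secret.ini"), "w") as f:  # outside the root
        f.write("constructed sample, not a real config")
    # A symlink inside the root pointing outside it: string checks pass, realpath does not.
    os.symlink(os.path.join(base, "secret.ini"), os.path.join(root, "html", "link.ini"))
    probes = [
        ("legitimate", "html/index.html"),
        ("inside after ..", "html/../html/index.html"),   # still under root once canonicalised
        ("dot-dot traversal", "html/../../secret.ini"),
        ("backslash traversal", "html\\..\\..\\secret.ini"),
        ("absolute path", os.path.join(base, "secret.ini")),
        ("symlink out of root", "html/link.ini"),
    ]
    return {label: resolve_under_root(root, value) is not None for label, value in probes}


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY':5} {label}")
```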

Mitigating Factors

Please note that the OfficeScan server port that a specifically crafted attack would need to reach in order to exploit this vulnerability is not publicly broadcast and is only visible to internal user requests. Furthermore, for an attack of this nature to be attempted, the OfficeScan server's own security agent protection would have to have been compromised beforehand, because exploitation requires a malicious file to be placed on the OfficeScan server.

However, even though the exploit may require several specific conditions to be met, Trend Micro strongly encourages OfficeScan customers to update to the latest patches (as outlined above) as soon as possible.

Acknowledgment

Trend Micro would like to thank Tavis Ormandy of Google Project Zero for responsibly disclosing a similar issue on another product leading to this discovery and working with Trend Micro to help protect our customers.