JVNVU#91848962: Multiple vulnerabilities in Trend Micro Worry-Free Business Security and Worry-Free Business Security Services

Overview

Trend Micro Incorporated has released security updates for Worry-Free Business Security and Worry-Free Business Security Services.

Products Affected

Worry-Free Business Security 10.0 SP1
Worry-Free Business Security Services (SaaS)

Description

Trend Micro Incorporated has released security updates for Worry-Free Business Security and Worry-Free Business Security Services.

Impact

Privilege escalation due to an Out-of-Bounds access vulnerability in the Unauthorized Change Prevention Service
Privilege escalation due to a memory corruption vulnerability in the Unauthorized Change Prevention Service
Memory corruption due to missing SAFESEH memory protection mechanism in some modules
Privilege escalation and file deletion in Damage Cleanup Engine component

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the following patch to fix these vulnerabilities.

Worry-Free Business Security 10.0 Service Pack 1 Patch Build 2454

The issues in Worry-Free Business Security Services are already fixed in November 21, 2022 updates.

Apply the Workaround
The following workaround may mitigate the impact of these vulnerabilities.

Permit access to the product only from the trusted network

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: February 2023 Security Bulletin for Trend Micro Worry-Free Business Security

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#91848962 Multiple vulnerabilities in Trend Micro Worry-Free Business Security and Worry-Free Business Security Services