JVNVU#92208501
Multiple vulnerabilities in Worry-Free Business Security

Overview

Worry-Free Business Security provided by Trend Micro Incorporated contains multiple vulnerabilities.

Products Affected

CVE-2020-24556, CVE-2020-24557, CVE-2020-24558

• Worry-Free Business Security (for Windows) 10 SP1

• Worry-Free Business Security (for macOS) 10 SP1

Description

Trend Micro Worry-Free Business Security provided by Trend Micro Incorporated contains multiple vulnerabilities listed below.

• Improper Hard links Handling (CWE-59) - CVE-2020-24556, CVE-2020-24559

  CVSS v3

  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  Base Score: 7.8

• Improper Access Control (CWE-284) - CVE-2020-24557

  CVSS v3

  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  Base Score: 7.8

• Out-of-Bounds Read (CWE-125) - CVE-2020-24558

  CVSS v3

  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

  Base Score: 5.5

Impact

• An attacker may obtain administrative privileges of the product and execute arbitrary code - CVE-2020-24556, CVE-2020-24559
• An attacker may disable the security functions of the product by manipulating particular folders, abuse specific Windows functions, or conduct privilege escalation - CVE-2020-24557
• An attacker may crash the product's multiple processes - CVE-2020-24558

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.
The developer has released the patches listed below that contain a fix for these vulnerabilities.

• Worry-Free Business Security (for Windows)
  • 10 SP1 b2228
• Worry-Free Business Security (for macOS)
  • macOS Patch