Trend Micro disclosed that threat actors are once again using security solutions as attack vectors: this time, attackers are deliberately leveraging a vulnerability in its antivirus solutions, identified as CVE-2020-24557, to gain admin rights.

The Apex One and OfficeScan XG enterprise security products are affected by the CVE-2020-24557 vulnerability. An attacker may use the bug to exploit a specific product folder to temporarily disable protection, abuse a specific Windows feature, and gain privilege escalation. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system.

The Zero-Day Initiative programme addressed the bug in 2020, and the security firm addressed it in August 2020. The firm has now updated its security warning, acknowledging that the bug is being actively exploited in the wild by attackers and urging customers to install security updates.

Affected items
– Trend Micro Apex One 2019 before Build 8422
– Trend Micro Apex One as a Service prior to Build 202008
– OfficeScan prior to XG SP1 Build 5702

Other vulnerabilities in the Apex One and OfficeScan XG security products, such as CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468, have previously been revealed, and some of them have been exploited by nation-state actors in real-world attacks.