Trend micro Zeroday Exploited
Trend Micro released security patches for multiple incorrect permission assignment privilege escalation, incorrect permission preservation authentication bypass, arbitrary file upload, and local privilege escalation vulnerabilities in Apex One and Apex One as a Service products.
The security firm also reported that attackers are already exploits at least two of the flaws (CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, CVE-2021-36742) in attacks in the wild.The vulnerabilities affect the Trend Micro Apex One (On Premise) and Apex One as a Service (SaaS) on Windows.
The company did not share info about the attacks in the wild that exploited the above vulnerabilities.
The security firm revealed that attackers were actively exploiting a vulnerability, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems.The CVE-2020-24557 vulnerability affects the Apex One and OfficeScan XG enterprise security products.