Can you explain this vulnerability to me?

This vulnerability is a local privilege escalation flaw in Trend Micro Maximum Security 17.8, caused by improper handling of symbolic links. A local attacker with low-level privileges can create a symbolic link that the software's Platinum Host Service follows, leading to unintended deletion of privileged Trend Micro files, including its own. Exploiting this flaw allows the attacker to escalate their privileges to SYSTEM level and execute arbitrary code with high privileges. [1, 2]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

If exploited, this vulnerability can allow a local attacker to gain SYSTEM-level privileges on the affected system. This means the attacker could execute arbitrary code with the highest privileges, potentially compromising the confidentiality, integrity, and availability of the system and data. It could lead to deletion of critical Trend Micro files and full control over the affected machine. [1, 2]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update Trend Micro Maximum Security to version 17.8.1464 or higher, which includes the fix for this issue. The update is available via ActiveUpdate. Applying this update will address the link following local privilege escalation vulnerability. [2]

Useful 0 Not Useful 0