US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks.
The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers.
The bug was discovered last year by Christopher Vella, a vulnerability researcher at Microsoft, who privately reported the issue to Trend Micro through the company’s Zero-Day Initiative bug acquisition program.
Trend Micro patched the issue in August 2020, but in an update to its initial security advisory posted on Wednesday, the security firm said it learned of incidents where this same bug was weaponized to attack some of its customers.
Source: The Record