I was reviewing TrendMicro products as part of an engagement and I found a permissions issue whereby a log file wasn’t configured correct permissions, and additionally I could take control of the permissions of the file.

I reported this issue to the Trend team who issued two bulletins for products which are affected.

SECURITY BULLETIN: March 2021 Security Bulletin for Trend Micro OfficeScan XG SP1
https://success.trendmicro.com/solution/000286157

SECURITY BULLETIN: March 2021 Security Bulletin for Trend Micro Apex One and Apex One as a Service
https://success.trendmicro.com/solution/000286019

Trend have an acknowledgements page for security researchers who submit issues to them, to which I’ve kindly been added.
https://success.trendmicro.com/vulnerability-response

Leave a Reply

Your email address will not be published. Required fields are marked *