CVE-2020-27696

Vulnerability

Trend Micro Security 2020 (Consumer) versions 16.x for Windows English (Premium Security, Maximum Security, Internet Security, Antivirus+) contain a vulnerability in the installer package. The installer does not properly validate the location of a specific Windows system directory, allowing an attacker to place a directory that leads to privilege escalation during installation [1].

Exploitation

An attacker with local access to the system and the ability to place a specific Windows system directory (e.g., via a directory junction or symlink) in a location processed by the installer can exploit this vulnerability. The attacker must have write access to the target directory before the installation begins. When the installer runs with elevated privileges, it follows the attacker-controlled directory, enabling the attacker to execute arbitrary code with SYSTEM privileges [1].

Impact

Successful exploitation grants the attacker administrative (SYSTEM) privileges on the affected Windows system. This allows full control over the machine, including installing software, modifying system files, and accessing all user data [1].

Mitigation

Trend Micro released an updated installer in Trend Micro Security 2021 (version 17) which resolves this vulnerability. Users should upgrade to the latest version. No workaround is documented. The vulnerability is rated Low severity (CVSS 2.7) and is not listed on the CISA Known Exploited Vulnerabilities catalog [1].