CVE-2021-36744

Vulnerability

CVE-2021-36744 is a directory junction vulnerability in Trend Micro Security (Consumer) products. The flaw exists within the Maximum Security Agent and affects versions: Trend Micro Security for Best Buy 2021 (v17.2), Trend Micro Security 2021 (v17), Trend Micro Security 2020 (v16), and Trend Micro Security 2019 (v15) on Windows platforms [1][2]. By creating a directory junction, an attacker can abuse the service to delete a file [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system [1]. The specific vulnerability requires local access and low privileges. No user interaction is needed beyond the initial code execution [1]. The attacker creates a directory junction to exploit the service's file deletion behavior [1].

Impact

Successful exploitation allows the attacker to delete a file on the system, leading to a denial-of-service condition [1]. The CVSSv3 score is 6.1 (Medium), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H [2]. The impact is limited to integrity (low) and availability (high), with no confidentiality impact [2].

Mitigation

Trend Micro released hotfixes for all affected versions as of August 29, 2021 [2]. Users should apply the appropriate hotfix for their product version: Trend Micro Security for Best Buy 2021 (v17.2), Trend Micro Security 2021 (v17), Trend Micro Security 2020 (v16), and Trend Micro Security 2019 (v15) [2]. No known workarounds are available, and the vendor reports no active exploitation at the time of disclosure [2].