CVE-2022-34893

Vulnerability

A link following vulnerability exists in Trend Micro Security 2022 (consumer) version 17.7.1179 and below [2]. The flaw resides within the Trend Micro Anti-Malware Solution Platform [1]. By creating a symbolic link, an attacker can abuse the service to delete a file [1]. The vulnerability requires the ability to execute low-privileged code on the target system [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system [1]. The attacker then creates a symbolic link [1] and manipulates a mountpoint [2] to trigger the link following behavior. The specific steps involve abusing a service within the Trend Micro Anti-Malware Solution Platform to delete a file via the crafted link [1]. No user interaction beyond initial code execution is required. The attack vector is local with low attack complexity [1].

Impact

Successful exploitation allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM [1]. The vulnerability leads to complete compromise of confidentiality, integrity, and availability of the affected system [1]. No known actual attacks have been reported against the affected products [2].

Mitigation

Trend Micro has released an update via ActiveUpdate to version 17.7.1634 for Microsoft Windows which resolves the issue [2]. Affected users should ensure they always have the latest version of the program [2]. No workarounds are identified [2].