CVE-2024-32849: Trend Micro Maximum Security Privilege Escalation Vulnerability

Trend Micro, a leader in cybersecurity solutions, has issued a security update to its Maximum Security software for Windows users, addressing a significant local privilege escalation vulnerability identified as CVE-2024-32849. The flaw, which carries a CVSS score of 7.8, could potentially allow attackers to escalate privileges and manipulate system files.

Credit: Trend Micro

What’s the Risk?

The vulnerability was discovered in the Trend Micro Security 17.7 suite for Windows, a consumer-grade security product. Specifically, the issue allows a local user to unintentionally delete privileged files belonging to Trend Micro’s software, potentially undermining the integrity and security of the affected system.

Trend Micro has given credit to Nicholas Zubrisky and Michael DePlante (@izobashi) working with its Zero Day Initiative (ZDI) for identifying and responsibly reporting this vulnerability.

As of the latest updates, Trend Micro has not received any reports of actual attacks exploiting this vulnerability. The lack of reported incidents may be partly due to the nature of the flaw, which requires local access, thus limiting the scope of potential attackers.

Affected Products

The vulnerability affects Trend Micro Security 17.7 (Consumer) for Windows, prior to 17.7.1979. If you’re using this product, you should update immediately.

How to Protect Yourself

1. Update Immediately: Trend Micro has released an update to address this issue. It’s strongly recommended to install the latest version through ActiveUpdate to ensure your system is protected.

2. Download Updates: Regularly download the latest security updates from Trend Micro to keep your software and system secure.