CVE-2020-8607

Description

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.

Category

6.7
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.08%
Vendor Advisory trendmicro.com Vendor Advisory trendmicro.com
Affected: Trend Micro Trend Micro Apex One
Affected: Trend Micro Trend Micro OfficeScan
Affected: Trend Micro Trend Micro Deep Security
Affected: Trend Micro Trend Micro Worry-Free Business Security
Affected: Trend Micro Trend Micro Security (Consumer Family)
Affected: Trend Micro Trend Micro Safe Lock
Affected: Trend Micro Trend Micro ServerProtect
Affected: Trend Micro Trend Micro Portable Security
Affected: Trend Micro Trend Micro HouseCall
Affected: Trend Micro Trend Micro Anti-Threat Toolkit (ATTK)
Affected: Trend Micro Trend Micro Rootkit Buster
Published at:
Updated at:

References

Link Tags
https://success.trendmicro.com/solution/000260713 patch vendor advisory
https://success.trendmicro.com/jp/solution/000260748 vendor advisory
https://jvn.jp/vu/JVNVU99160193/ third party advisory
https://jvn.jp/en/vu/JVNVU99160193/index.html third party advisory

Frequently Asked Questions

What is the severity of CVE-2020-8607?
CVE-2020-8607 has been scored as a medium severity vulnerability.
How to fix CVE-2020-8607?
To fix CVE-2020-8607, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-8607 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-8607 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-8607?
CVE-2020-8607 affects Trend Micro Trend Micro Apex One, Trend Micro Trend Micro OfficeScan, Trend Micro Trend Micro Deep Security, Trend Micro Trend Micro Worry-Free Business Security, Trend Micro Trend Micro Security (Consumer Family), Trend Micro Trend Micro Safe Lock, Trend Micro Trend Micro ServerProtect, Trend Micro Trend Micro Portable Security, Trend Micro Trend Micro HouseCall, Trend Micro Trend Micro Anti-Threat Toolkit (ATTK), Trend Micro Trend Micro Rootkit Buster.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.