The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
OfficeScan XG SP1.
What you need to know:
A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows can allow an attacker to create a hard link to any file on the system. This could be manipulated to gain a privilege escalation and code execution. Trend Micro has released a new patch to address this.
Exploiting these vulnerabilities requires an attacker to have access (physical or remote) to a vulnerable machine. In addition to updating and patching applications in a timely manner, customers are also advised to review remote access to critical systems and ensure both policies and perimeter security are up to date.
Newer versions of the operating system (Windows 10 or OS Build 18363.719) mitigate hard links, but all previous versions are affected.
Actions to be taken:
Administrators are strongly encouraged to install this patch.
What is the impact of not doing the actions?
If exploited, an attacker could gain access to a vulnerable machine and have privileged access to be able to execute malicious codes remotely.