Trend Micro has issued critical patches for several vulnerabilities in its Apex One and OfficeScan XG enterprise security products. Attackers have tried to exploit at least two of these flaws.
CVE-2020-8467, one of the two zero-days, is a critical remote code execution vulnerability in a migration tool component in Apex One and OfficeScan. This could allow remote attackers to execute arbitrary code in affected installations. The second zero-day, CVE-2020-8468, is a content validation escape flaw that could let an attacker manipulate certain agent client components. Both of these require valid user credentials for exploitation, Trend Micro reports.