Malware protection: Privilege escalation possible in Trend Micro’s Apex One

Trend Micro warns of several vulnerabilities in its Apex One malware protection software and associated agents that allow attackers to elevate their privileges in the system. The updated software fixes a total of eleven vulnerabilities.

Trend Micro’s developers do not provide deeper details about the vulnerabilities in the security announcement. However, they briefly explain that the Apex One Security Agent, for example, allows local attackers to elevate their privileges due to a “link following” vulnerability (CVE-2023-47192). An origin verification vulnerability in the Security Agent has the same effect (CVE-2023-47193 to CVE-2023-47199). The Security Agent plug-in manager also does not check the origin correctly (CVE-2023-47200, CVE-2023-47201).

In addition, the Trend Micro Apex One Management Server has a local file inclusion vulnerability. Malicious actors can also abuse this to elevate their local privileges (CVE-2023-47202). The developers classify all of the vulnerabilities as high risk, with a CVSS score of 7.8.

In order to better counteract such threats in the future, the developers have improved the self-protection of Apex One and Apex One as a Service agents. Certain apps that have not been digitally signed by Trend Micro or Microsoft and exhibit certain injection behavior could be blocked as a result, explains the manufacturer. Affected administrators would then have to create exception rules for known and trustworthy apps.

The vulnerabilities mentioned are fixed in Apex One SP1 CP 12526, Apex One as a Service with the September 2023 Monthly Patch, and agent version 14.0.12737 or newer. These versions also contain the improved self-protection. IT managers should apply the available updates promptly if this has not already happened automatically.

Recently, Trend Micro warned of a security vulnerability that was already being exploited in several products such as Apex One. The developers classified this as a critical risk because it allowed attackers to inject and execute malicious code.


(dmk)
