Vulnerability in Trend Micro’s Apex One allows privilege escalation

Vulnerabilities in Trend Micro’s Apex One virus protection software allow attackers to escalate their privileges or delete files on the system without authorization. Trend Micro has released updates that close the vulnerabilities. Administrators of Apex One installations should install them.

The protection software contains two security-relevant flaws. Malicious actors could abuse a link-following weakness in the Damage Cleanup Engine component, which is designed to clean up virus infections. Attackers could, for example, create a symbolic link and thereby escalate their privileges. They could also abuse the file deletion service (CVE-2022-45798, CVSS 7.8, risk “high”).

The developers do not explain the second vulnerability in detail. They mention only that local attackers could use it to escalate their privileges on the system and delete files on affected installations (CVE-2022-45797, CVSS 5.6, medium). For both vulnerabilities, Trend Micro states in the security advisory that attackers must at least be able to run code with low privileges on the system in order to exploit them.

Affected are Apex One 2019 as an on-premise installation in the local network and Apex One as a Service for Windows. The software versions SP1 CP b11136 for the on-premise installation, as well as Hot Fix Build 202211 and Agent 14.0.11840 for the as-a-service variant, fix the flaws. IT managers receive them through the channels they are familiar with and should check that their instances are up to date. Trend Micro has already updated its cloud services and agents.

The vulnerabilities are somewhat reminiscent of flaws that have now become known in AVG and Avast. There, too, attackers were able to escalate their privileges on the system because of security-relevant errors in the virus cleaning routines.


(dmk)
