Affected Version(s)

| Product | Affected Version(s) | Platform | Language(s) |
|---|---|---|---|
| Apex One (on-prem) | Patch 6 B10048 through B10064 (December 2021 and January 2022 CPs) | Windows | English |
| Apex One as a Service (SaaS) | January 2022 Maintenance (Agent Build 14.0.10223) | Windows | English |


Solution

Trend Micro has released the following solutions to address the issue:

| Product | Updated version | Notes | Platform | Availability |
|---|---|---|---|---|
| Apex One | CP B10071 | Readme | Windows | Now Available |

*Please note that the Apex One as a Service (SaaS) version was updated via emergency maintenance on January 28, 2022 with build 14.0.10224.  Please refer to the following article or reference.   

These are the minimum recommended version(s) of the patches and/or builds required to address the issue. Trend Micro highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.

Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.


Issue Details

Trend Micro is aware of a potential security issue that could allow an unauthorized party to unload an Apex One endpoint agent. The issue was introduced in Patch 6 B10048 (December 2021 CP) and was also present in the recently released B10064 (January 2022) critical patch.

These two versions are no longer available from Trend Micro's Download Center, and versions prior to B10048 are not affected.

Please note that the party must first have at least user access/privileges to the endpoint. 

Due to the severity of this issue, it is strongly recommended that customers who have applied either the B10048 (December) or B10064 (January) Critical Patches upgrade to B10071 or higher as soon as possible.

SaaS customers should ensure that they have applied the latest update that was released on January 28, 2022.


Mitigating Factors

Exploiting these types of issues generally requires that an attacker has access (physical or remote) to an affected target machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up to date.

However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.