Affected Version(s)
Product | Affected Version(s) | Platform | Language(s) |
---|---|---|---|
Apex One | 2019 (On-prem) | Windows | English |
Apex One as a Service | SaaS | Windows | English |
Worry-Free Business Security | 10.0 SP1 | Windows | English |
Worry-Free Business Security Services | SaaS | Windows | English |
Solution
Trend Micro has released the following solution to address the issue:
Product | Updated version | Notes | Platform | Availability |
---|---|---|---|---|
All affected products listed above | Spyware Pattern 25.27 and above | See Below* | Windows | Available Now |
The resolution for this vulnerability has been deployed in the product's Spyware Pattern version 25.27, which customers would automatically receive via ActiveUpdate starting from June 30, 2022. No additional steps are needed if customers are up-to-date with the latest detection patterns.
These are the minimum recommended version(s) of the patches and/or builds required to address the issue. Trend Micro highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.
Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.
Vulnerability Details
CVE-2022-36336: Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
CVSSv3: 7.8: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A link following vulnerability in the scanning function of the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations.
The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue.
Mitigating Factors
Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date.
However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.
Acknowledgement
Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers:
- Abdelhamid Naceri working with Trend Micro's Zero Day Initiative
External Reference(s)
- ZDI-CAN-16692