CVE-2022-24679

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One versions 10.0 SP1 and earlier Trend Micro Apex One as a Service versions prior to the fixed version Trend Micro Worry-Free Business Security 10.0 SP1 and earlier Trend Micro Worry-Free Business Security Services agents versions prior to the fixed version

Description A local privilege escalation vulnerability could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The vulnerability is related to an incorrect link following mechanism before accessing a file.

Recommendations For Trend Micro Apex One version 10.0 SP1, update to a version that includes the fix for this issue. For Trend Micro Apex One as a Service, update to a version that includes the fix for this issue. For Trend Micro Worry-Free Business Security 10.0 SP1, update to a version that includes the fix for this issue. For Trend Micro Worry-Free Business Security Services agents, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.