CVE-2023-52337

Name of the Vulnerable Software and Affected Versions Trend Micro Deep Security version 20.0 Trend Micro Cloud One - Endpoint and Workload Security Agent (affected versions not specified)

Description An improper access control issue could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The vulnerability is related to insufficient access control to folders in the Anti-Malware module of the Trend Micro Deep Security Agent for Windows operating systems, which may enable an attacker to elevate their privileges and execute arbitrary code.

Recommendations For Trend Micro Deep Security version 20.0, update to a version that includes the fix for this issue. For Trend Micro Cloud One - Endpoint and Workload Security Agent, apply the recommended configuration changes or patches as soon as they become available to address the improper access control vulnerability. As a temporary workaround, consider restricting access to sensitive folders and modules to minimize the risk of exploitation.