Trend Micro Resolves Critical Privilege Escalation Vulnerabilities in Apex One Products

Trend Micro has patched six high-severity vulnerabilities in its Apex One and Apex One as a Service products, which could allow local attackers to escalate privileges on affected Windows systems. Users are urged to update to the latest versions to prevent potential exploitation.

Critical Privilege Escalation Vulnerabilities Fixed in Trend Micro Apex One Products

Trend Micro has issued updates addressing several high-severity vulnerabilities in its Apex One and Apex One as a Service products. These vulnerabilities, identified under multiple CVE identifiers, could allow attackers to escalate privileges on vulnerable Windows systems. The issues have been resolved in recent builds, and Trend Micro urges all users to apply the updates immediately to mitigate potential risks.

Affected Products and Versions:

  • Apex One (On-Premises): Versions prior to Build 13140
  • Apex One as a Service: Versions before December 2024 Maintenance (Agent Version 14.0.14203)

Vulnerabilities Overview:

The vulnerabilities, which all carry a CVSS 3.0 score of 7.8 (high severity), could allow local attackers to elevate their privileges, gaining unauthorized access to system functions. These flaws primarily exist in components such as LogServer, Engine, and Security Agent.

The affected CVEs are as follows:

  • CVE-2024-52048 and CVE-2024-52049: LogServer Link Following Local Privilege Escalation
  • CVE-2024-52050: LogServer Arbitrary File Creation Local Privilege Escalation
  • CVE-2024-55631 and CVE-2024-55632: Engine and Security Agent Link Following Local Privilege Escalation
  • CVE-2024-55917: Origin Validation Error Local Privilege Escalation

While exploiting these vulnerabilities requires attackers to have low-privileged access on the target system, Trend Micro emphasizes that prompt updates are critical to protecting against these threats.

Solution and Recommendations:

Trend Micro has released the following updated builds to address these vulnerabilities:

  • Apex One: SP1 Build 13140 (now available)
  • Apex One as a Service: December 2024 Monthly Maintenance (202412), Agent Version 14.0.14203 (now available)

Customers are advised to download these updates via Trend Micro’s Download Center, ensuring that any required service packs are installed prior to updating.
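
To check a fleet against the fixed builds listed above, the following added example (not Trend Micro's code and not part of the original article) triages an exported agent inventory. The CSV layout, host names and sample version values are constructed; on-premises rows are assumed to carry the build number and service rows the agent version.

```python
import csv
import io

# Fixed releases as stated in the article above.
FIXED = {
    "apex one": (13140,),                     # on-premises: SP1 Build 13140
    "apex one as a service": (14, 0, 14203),  # Agent Version 14.0.14203
}

# Constructed sample inventory; the column layout is an assumption.
SAMPLE = """host,product,version
ws-001,Apex One,13140
ws-002,Apex One,12980
ws-003,Apex One as a Service,14.0.14203
ws-004,Apex One as a Service,14.0.13139
ws-005,Apex One as a Service,unknown
ws-006,Apex One,14.0.0.13140
"""

def parse_version(text):
    """Turn '14.0.14203' or '13140' into a tuple of ints; None if malformed."""
    parts = text.strip().split(".")
    if any(not p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to 'patched', 'vulnerable' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = (row.get("host") or "").strip()
        fixed = FIXED.get((row.get("product") or "").strip().lower())
        found = parse_version(row.get("version") or "")
        # Unknown product, unparseable value, or a different version format:
        # do not guess, send the host to manual review.
        if fixed is None or found is None or len(found) != len(fixed):
            results[host] = "review"
        elif found < fixed:
            results[host] = "vulnerable"
        else:
            results[host] = "patched"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts marked `review` report a value that cannot be compared safely with the fixed build, so they need a manual check rather than an automatic pass.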

Mitigation and Best Practices:

To further reduce risk, Trend Micro recommends the following actions:

  1. Apply the latest patches and updates to all affected Apex One products immediately.
  2. Restrict physical and remote access to critical systems to minimize exploitation risks.
  3. Review and strengthen perimeter security measures, including remote access policies and access control protocols.
  4. Implement robust cybersecurity practices such as privileged access management, network segmentation, and proactive monitoring.

Although exploiting these vulnerabilities typically requires physical or remote access to the affected machine, Trend Micro strongly encourages all customers to update their systems without delay.

By acting swiftly and implementing security best practices, organizations can better protect their systems against these serious vulnerabilities and strengthen their overall cybersecurity posture.