CVE-2020-24557: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A vulnerability (CVE-2020-24557) was discovered in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 running on Microsoft Windows systems. The vulnerability was disclosed on September 1, 2020, and allows attackers to manipulate a particular product folder to temporarily disable security, abuse specific Windows functions, and achieve privilege escalation. The flaw affects systems running versions of Microsoft Windows prior to Windows 10 version 1909 (OS Build 18363.719) (NVD).

The vulnerability exists within the ApexOne Security Agent, specifically in the logic that controls access to the Misc folder. The flaw received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system (ZDI).

If successfully exploited, the vulnerability allows attackers to escalate privileges and execute code in the context of SYSTEM, potentially gaining complete control over the affected system. This could lead to unauthorized access to sensitive data and system resources (ZDI).

Trend Micro has released security updates to address this vulnerability. Organizations running affected versions of Apex One and Worry-Free Business Security 10.0 SP1 should apply the vendor-provided patches. Additionally, systems running Windows 10 version 1909 (OS Build 18363.719) or later are protected against this vulnerability due to hard link mitigations (NVD).