CVE-2021-32464: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An incorrect permission assignment privilege escalation vulnerability (CVE-2021-32464) was discovered in Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security products. The vulnerability was reported on March 12, 2021, and publicly disclosed on July 30, 2021 (ZDI Advisory).

The vulnerability exists within the Worry-Free Business Services Agent, resulting from incorrect permissions set on a resource used by the service. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

An attacker who successfully exploits this vulnerability can leverage it to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining complete control over the affected system (ZDI Advisory).

Trend Micro has issued updates to correct this vulnerability. Users of affected products are strongly encouraged to update to the latest versions as soon as possible (SecurityWeek).

The vulnerability was part of a critical security bulletin from Trend Micro that documented multiple security flaws. The company took immediate action by contacting affected customers and issuing patches, while maintaining a policy of not commenting on specific details of in-the-wild attacks for customer safety and confidentiality (SecurityWeek).