CVE-2021-42106: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

CVE-2021-42106 is an unnecessary privilege vulnerability affecting Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services. The vulnerability was disclosed on October 21, 2021, and allows a local attacker to escalate privileges on affected installations. This vulnerability requires an attacker to first obtain the ability to execute low-privileged code on the target system (NVD).

The specific flaw exists within the Security Agent component, where the issue results from allowing an untrusted process to impersonate the client of a pipe. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (ZDI).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially gaining complete control over the affected system (ZDI).

Trend Micro has issued updates to address this vulnerability. Users of affected products should apply the appropriate patches provided by the vendor (ZDI).