CVE-2021-45440: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A unnecessary privilege vulnerability (CVE-2021-45440) was discovered in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only). The vulnerability was disclosed on January 10, 2022, affecting the on-premises versions of these security products (NVD, ZDI).

The specific vulnerability exists within the Security Server component, where an issue results from allowing an untrusted process to impersonate the client of a pipe. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates a local attack vector with low attack complexity, requiring low privileges and no user interaction (ZDI).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. The impact affects all three main security properties - confidentiality, integrity, and availability - with high severity (NVD).

Trend Micro has issued an update to correct this vulnerability. Users should apply the latest security patches provided by the vendor (ZDI).