CVE-2021-45442: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A link following denial-of-service vulnerability (CVE-2021-45442) was discovered in Trend Micro Worry-Free Business Security (on-premises only). The vulnerability was disclosed on January 10, 2022, and affects Trend Micro Apex One 2019 and Worry-Free Business Security 10.0 SP1 products (NVD, ZDI Advisory).

The specific flaw exists within the Trend Micro Security Agent Listener service. The vulnerability has a CVSS v3.1 Base Score of 7.1 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. The vulnerability requires local access and low privileges to exploit, with no user interaction needed (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to overwrite arbitrary files in the context of SYSTEM, potentially leading to a denial-of-service condition on the affected system (NVD).

Trend Micro has issued an update to correct this vulnerability. Users of affected products should apply the appropriate patches: Apex One 2019 should update to Patch 6 B10048 or later, and Worry-Free Business Security (WFBS) 10.0 SP1 should update to Patch 2368 or later (CERT-FR).