CVE-2022-24679: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A local privilege escalation vulnerability (CVE-2022-24679) was discovered in Trend Micro security products, including Apex One, Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1, and Trend Micro Worry-Free Business Security Services agents. The vulnerability was reported on October 8, 2021, and publicly disclosed on February 16, 2022 (ZDI Advisory).

The vulnerability exists within the NT Apex One RealTime Scan Service. By creating a DOS device redirection, an attacker can abuse the service to create a writable folder in an arbitrary location. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. However, it's important to note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (ZDI Advisory).

Trend Micro has released security updates to address this vulnerability. For Apex One (On-prem) 2019, users should install the CP B10071 patch. The fix is already included in Apex One SaaS versions 2021-12 (14.0.10154) and 2022-01 (14.0.10223) (CERT-FR).