CVE-2022-24680: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A security link following local privilege escalation vulnerability (CVE-2022-24680) was discovered in Trend Micro Apex One Security Agent, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1, and Trend Micro Worry-Free Business Security Services agents. The vulnerability was reported on October 8, 2021, and publicly disclosed on February 16, 2022 (ZDI Advisory).

The specific vulnerability exists within the NT Apex One RealTime Scan Service. The flaw allows local attackers to escalate privileges on affected installations by creating a mount point that can be abused to delete folders. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (ZDI Advisory).

When successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. However, it's important to note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (ZDI Advisory).

Trend Micro has issued an update to correct this vulnerability. Users of affected products should apply the security updates provided by Trend Micro (ZDI Advisory).