CVE-2022-40710: 
Trend Micro Deep Security Agent vulnerability analysis and mitigation

A link following vulnerability was discovered in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows. The vulnerability was reported on March 2, 2022, and publicly disclosed on September 23, 2022. This security flaw could potentially allow a local attacker to escalate privileges on affected installations, though it requires the attacker to first obtain the ability to execute low-privileged code on the target system (ZDI Advisory).

The vulnerability exists within the Trend Micro Anti-Malware Solution Platform. The specific flaw allows attackers to abuse the service to delete a file by creating a symbolic link. The vulnerability has been assigned a CVSS score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a high severity level (ZDI Advisory).

When successfully exploited, this vulnerability enables attackers to escalate privileges and execute arbitrary code in the context of SYSTEM, potentially giving them complete control over the affected system (ZDI Advisory).

Trend Micro has released an update to address this vulnerability. Users of affected systems are advised to apply the security patch as soon as possible (ZDI Advisory).