CVE-2022-44650: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A memory corruption vulnerability (CVE-2022-44650) was discovered in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service. The vulnerability was reported to the vendor on May 16, 2022, and was publicly disclosed on November 21, 2022. This security flaw affects Apex One as a Service versions without the October 2022 security patch (Security Agent version: 14.0.11789) and Apex One 2019 (On-prem) versions without the security patch SP1 b11128 (ZDI Advisory, CERT-FR).

The vulnerability exists within the Unauthorized Change Prevention Service of Trend Micro Apex One Security Agent. When exploited, a crafted request can trigger a write past the end of an allocated data structure. The vulnerability has been assigned a CVSS score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating a high severity rating (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete system compromise, potentially affecting both data confidentiality and integrity (ZDI Advisory).

Trend Micro has issued security updates to address this vulnerability. Users of affected systems should apply the appropriate patches: for Apex One as a Service, update to the October 2022 security patch (Security Agent version higher than 14.0.11789), and for Apex One 2019 (On-prem), apply security patch SP1 b11128 (CERT-FR).