CVE-2023-30902: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A privilege escalation vulnerability (CVE-2023-30902) was discovered in the Trend Micro Apex One and Apex One as a Service agent. The vulnerability was disclosed on May 16, 2023, affecting Apex One 2019 (On-prem) and Apex One as a Service versions before April 2023 Maintenance on Windows platforms (Trend Advisory).

The vulnerability has a CVSSv3 score of 2.9 (AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating a low severity level. The vulnerability could allow a local attacker to unintentionally delete privileged Trend Micro registry keys, including its own protected registry keys on affected installations (Trend Advisory).

If exploited, this vulnerability enables a local attacker to delete privileged Trend Micro registry keys, potentially affecting the security software's functionality. The impact is limited to registry key deletion, with no direct impact on confidentiality or availability (Trend Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One (on-premise), users should update to SP1 Critical Patch B12024. For Apex One as a Service, users should update to April 2023 Maintenance Hotfix - Build 202304 (Security Agent version: 14.0.12105). Customers are strongly encouraged to apply the latest available version to ensure all known issues are resolved (Trend Advisory).

The vulnerability was responsibly disclosed by Bahaa Naamneh of Crosspoint Labs, demonstrating effective collaboration between security researchers and Trend Micro (Trend Advisory).