CVE-2023-32554: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A Time-of-Check Time-Of-Use (TOCTOU) vulnerability (CVE-2023-32554) was discovered in the Trend Micro Apex One and Apex One as a Service agent. The vulnerability was reported on December 22, 2022, and publicly disclosed on May 17, 2023. The affected systems include Apex One 2019 (On-prem) and Apex One as a Service versions before April 2023 Maintenance running on Windows platforms (Trend Advisory).

The specific vulnerability exists within the Apex One Client Plug-in Service Manager and results from the lack of proper locking when performing operations on a file. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-367 (Time-of-check Time-of-use Race Condition) (ZDI Advisory, NVD).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on affected installations. This could potentially give the attacker complete control over the affected system (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One (on-premise), users should update to SP1 Critical Patch B12024, and for Apex One as a Service, users should update to April 2023 Maintenance Hotfix - Build 202304 (Security Agent version: 14.0.12105). Customers are strongly encouraged to apply the latest available version to ensure all known issues are resolved (Trend Advisory).

The vulnerability was discovered and reported by Simon Zuckerbraun of Trend Micro's Zero Day Initiative, demonstrating the effectiveness of coordinated vulnerability disclosure programs (Trend Advisory).