CVE-2023-34146: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An exposed dangerous function vulnerability (CVE-2023-34146) was discovered in the Trend Micro Apex One and Apex One as a Service security agent. The vulnerability was disclosed on June 6, 2023, affecting Apex One 2019 (On-prem) and Apex One as a Service versions before May 2023 Maintenance on Windows platforms (Trend Advisory).

The vulnerability exists within the Apex One NT Listener service and results from an exposed dangerous function. It received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is related to improper privilege management (CWE-269) and incorrect authorization (CWE-863) (NVD, ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and write arbitrary values to specific Trend Micro agent subkeys on affected installations. The attacker could potentially execute arbitrary code in the context of SYSTEM privileges (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One (On-prem), users should update to SP1 CP B12033. For Apex One as a Service, users should update to the May 2023 Maintenance Hotfix - Build 202305 (Security Agent version: 14.0.12518). Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date (Trend Advisory).

The vulnerability was discovered and reported by security researchers Lynn and Lays (@L4ys) working with Trend Micro's Zero Day Initiative ([Trend Advisory](https://success.trendmicro.com/dcx/s/solution/000293322?language=enUS)).