CVE-2023-52090: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A security agent link following vulnerability (CVE-2023-52090) was discovered in Trend Micro Apex One that could allow a local attacker to escalate privileges on affected installations. The vulnerability affects Apex One 2019 (On-prem) and Apex One as a Service versions prior to 14.0.12849 on Windows platforms. This vulnerability was discovered and reported through Trend Micro's Zero Day Initiative (ZDI Advisory, Trend Advisory).

The vulnerability exists within the Virus Scan Engine component of Trend Micro Apex One. The specific flaw allows an attacker to abuse the VSApiNt driver to delete a file through path manipulation. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required with low attack complexity and privileges required (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on the affected system. This could lead to complete compromise of the affected system with the highest privileges (ZDI Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One 2019 (On-prem), users should update to SP1 CP b12534, and for Apex One as a Service, users should update to the November 2023 Monthly Patch (202311) with Agent Version 14.0.12849. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Advisory).