CVE-2023-52093: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

An exposed dangerous function vulnerability was discovered in the Trend Micro Apex One agent that could allow a local attacker to escalate privileges on affected installations. The vulnerability (CVE-2023-52093) was discovered by Lays (@_L4ys) of TRAPA Security working with Trend Micro's Zero Day Initiative. The affected systems include Apex One 2019 (On-prem) and Apex One as a Service SaaS on Windows platforms (Trend Advisory, ZDI Advisory).

The vulnerability exists within the Apex One NT Listener service. The specific flaw results from an exposed dangerous function that can be leveraged by attackers to escalate privileges and execute arbitrary code in the context of SYSTEM. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (ZDI Advisory).

A successful exploitation of this vulnerability would allow an attacker to escalate privileges and execute arbitrary code with SYSTEM level access on the affected system. However, the attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability (Trend Advisory).

Trend Micro has released patches to address this vulnerability. For Apex One 2019, users should update to SP1 CP b12534, and for Apex One as a Service, users should apply the November 2023 Monthly Patch (202311) with Agent Version 14.0.12849. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Advisory).