CVE-2023-52337: 
Trend Micro Deep Security Agent vulnerability analysis and mitigation

An improper access control vulnerability (CVE-2023-52337) was discovered in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. The vulnerability was reported on July 8, 2022, and publicly disclosed on January 19, 2024. The affected products include various versions of Deep Security Agent 20.0 and related security components (Trend Advisory, ZDI Advisory).

The vulnerability exists within the Anti-Malware Solution Platform, where the product applies insufficient access controls to a sensitive folder. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity and privilege requirements (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM. This could lead to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Trend Micro has released version 20.0.0-8438 for Windows (20 LTS Update 2023-12-12) to address this vulnerability. Customers are strongly encouraged to update to the latest builds as soon as possible. Additionally, organizations should review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Advisory).

The vulnerability was responsibly disclosed by security researcher Abdelhamid Naceri working with Trend Micro's Zero Day Initiative. The coordinated disclosure process took approximately 18 months from initial report to public disclosure (ZDI Advisory).