CVE-2023-52338: 
Trend Micro Deep Security Agent vulnerability analysis and mitigation

A link following vulnerability (CVE-2023-52338) was discovered in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent. The vulnerability was reported on September 7, 2023, and publicly disclosed on January 19, 2024. The affected systems include Trend Micro Deep Security Agent version 20.0 running on Windows platforms (ZDI Advisory, Trend Micro Advisory).

The specific flaw exists within the Trend Micro Anti-Malware Solution Platform. The vulnerability allows attackers to abuse the service to delete a file by creating a symbolic link. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is classified as CWE-59: Improper Link Resolution Before File Access ('Link Following') (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to escalate privileges and execute arbitrary code in the context of SYSTEM on affected installations. This could lead to complete system compromise with the highest privileges (ZDI Advisory).

Trend Micro has released version 20.0.0-8438 for Windows (20 LTS Update 2023-12-12) to address this vulnerability. Customers are strongly encouraged to update to the latest builds as soon as possible. Additionally, customers are advised to review remote access to critical systems and ensure policies and perimeter security are up-to-date (Trend Micro Advisory).

The vulnerability was discovered and reported by NT AUTHORITY\ANONYMOUS LOGON working with Trend Micro's Zero Day Initiative. The coordinated disclosure process was followed, with the vulnerability being reported on September 7, 2023, and publicly disclosed on January 19, 2024 (ZDI Advisory).