Trend Micro Apex One and Vision One Origin Validation Vulnerability Allowing Local Privilege Escalation

A vulnerability allowing origin validation errors in the Apex One/SEP agent could enable a local attacker to escalate privileges on affected systems. This vulnerability exists in Apex One 2019 (on-premise), Apex One as a Service, and TrendAI Vision One Endpoint Security - Standard Endpoint Protection (SEP) with agent builds prior to 14.0.20731. The vulnerability arises because the affected process protection mechanisms do not properly validate origins, allowing for unauthorized privilege escalation. To exploit this vulnerability, an attacker must first gain the ability to execute low-privileged code on the target system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a local attacker to gain elevated rights on the affected system.

Remediation

Users of Apex One (on-prem) should update to SP1 CP Build 18012 or SP1 Build 17079. For Apex One as a Service and TrendAI Vision One SEP users, the Security Agent build 14.0.20731 is available. Customers are encouraged to visit the Trend Micro Download Center to obtain the latest versions.