Trend Micro Apex One and Vision One Origin Validation Vulnerability Allowing Local Privilege Escalation

A vulnerability allowing local privilege escalation has been identified in the Trend Micro Apex One and Vision One Standard Endpoint Protection (SEP) products. This vulnerability arises from an origin validation error in the communication mechanism of the Apex One/SEP agent, which could be exploited by a local attacker to escalate privileges on the affected system. The vulnerability requires the attacker to have the ability to execute low-privileged code on the target system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a local attacker to gain elevated rights on the affected system.

Remediation

Users of Trend Micro Apex One (on-prem) should update to SP1 CP Build 18012 or SP1 Build 17079. For Trend Micro Apex One as a Service and Vision One SEP users, the Security Agent build 14.0.20731 is available. Customers are encouraged to visit the Trend Micro Download Center to obtain the latest versions.