Trend Micro has addressed six high-severity vulnerabilities in its Apex One and Apex One as a Service product, which could allow attackers to escalate privileges on affected Windows systems.
These vulnerabilities were disclosed under the Common Vulnerabilities and Exposures (CVE) system and have been resolved in the latest builds released by Trend Micro.
The vulnerabilities could potentially allow local attackers to gain elevated privileges and execute malicious operations on compromised systems. Trend Micro strongly recommends all users update their installations to mitigate potential security risks.
Vulnerabilities Summary
| CVE ID | Description |
| CVE-2024-52048 | LogServer Link Following Local Privilege Escalation |
| CVE-2024-52049 | LogServer Link Following Local Privilege Escalation (variant of CVE-2024-52048) |
| CVE-2024-52050 | LogServer Arbitrary File Creation Local Privilege Escalation |
| CVE-2024-55631 | Engine Link Following Local Privilege Escalation |
| CVE-2024-55632 | Security Agent Link Following Local Privilege Escalation |
| CVE-2024-55917 | Origin Validation Error Local Privilege Escalation |
Affected Versions
| Product | Affected Versions | Platform | Language |
| Apex One | Versions before Build 13140 | Windows | English |
| Apex One as a Service | Versions before 202412 (Agent Version: 14.0.14203) | Windows | English |
Solution
To address these vulnerabilities, Trend Micro has released the following updates:
| Product | Updated Version | Availability |
| Apex One | SP1 Build 13140 | Now Available |
| Apex One as a Service | December 2024 Maintenance | Now Available |
Customers can download these updates via the Trend Micro Download Center. Ensure all prerequisite service packs are applied before installation.
To mitigate the risks posed by these vulnerabilities, Trend Micro advises organizations to take immediate action.
First and foremost, ensure that the latest patches and updates are applied promptly to affected Apex One products, as the vulnerabilities require system updates to be addressed effectively.
Since exploiting these issues typically requires an attacker to have local access to the target machine, organizations should also restrict physical and remote access to critical systems.
Reviewing and updating perimeter security measures, such as access controls and remote access policies, is crucial to minimizing exposure.
Adopting robust cybersecurity best practices, including privileged access management, network segmentation, and proactive monitoring, can provide an additional layer of defense against similar exploitation attempts in the future.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
