Thursday 06 November 2020
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
Trend Micro Apex One
What you need to know:
Trend Micro Apex One Critical Patch Server and Agent Build 8422 Released.
Issues from previous versions listed below have been resolved:
- A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product’s management console
- Changes in the Google API prevents Data Loss Prevention™ (DLP) from detecting sensitive information sent through Gmail in Google Chrome 73
- The tmlisten service stops unexpectedly when users add an NIC description in the Personal Firewall (PFW) profile and deploy the profile to agents.
- The Smart Scan Pattern of File Reputation Services occupies a large amount of disk space on the Apex One server.
- An issue related to the Microsoft™ Excel™ files with macro content cannot be saved to a network shared folder from an endpoint, some Microsoft Excel temp files cannot be deleted after trying to save the files.
- The Security Agent program may become corrupted when users install it from the MSI installation package (Windows Installer) using the wrong command in the command line.
- Attempting to restart or stop the WMI service (winmgmt) is unsuccessful on endpoints with the Security Agent installed. The tmlisten service of the Security Agent has a dependency with the WMI service.
- The Apex One Application Control lockdown feature does not work after users switch to a different user account.
- When a user starts a Security Agent outside the corporate network, the Security Agent does not communicate on Online status to the Edge Relay Server.
- This hotfix updates the Apex Central files to display more information about the Application Control violation log entries.
NOTE: This feature requires the installation of Apex Central hotfix 3919 or above.
- The Endpoint Sensor may purge the Root Cause Analysis results by mistake when Apex Central is managing more than one Apex One server.
- An issue causes Apex One security agent remote installation to fail.
- An issue related to the Microsoft™ Monitoring Agent may cause the Apex One Endpoint Sensor Advanced Threat Assessment Service application pool to stop unexpectedly after installing the Apex One server.
- An “Error ID: 420” occurs while the Apex One Endpoint Sensor policy is deployed and the “Unable to get the registered server list. There are no registered servers.” error appears on the Apex Central “Preliminary Investigation” page.
- The Trend Micro Vulnerability Protection Service cannot start while processing a specific certificate.
- This critical patch updates some Apex One files to detect inconsistent certifications from the Microsoft Management Console certificate store. If it detects an inconsistency, Apex One will automatically recover the authentication file (OfcIPCer.dat) from the Microsoft Management Console certificate store on the Apex One server.
- A command injection vulnerability may allow an attacker to extract files from an arbitrary zip file to the specific folder in Apex One server.
Actions to be taken:
Download and install latest critical patch build 8422.
What is the impact of not doing the action?
Certain vulnerabilities were patched and improvements and fixes for the previous version.