Thursday 1 April 2021
The impact of this issue announcement is critical. Please act accordingly to rectify the issue, as stated below.
Trend Micro Apex One
What you need to know:
Vulnerabilities have been found in Trend Micro Apex One including:
- Improper Access Control Privilege Escalation Vulnerabilities
- Incorrect Permission Assignment Privilege Escalation Vulnerability
- Insecure File Permissions Vulnerability
The vulnerabilities found may be exploited by attacker either remotely or with physical access to machine. An attacker could escalate privileges on affected installations or could possibly take control of a specific log file on affected installations.
Actions to be taken:
For Apex One on-prem, you need to apply the updated version Critical patch 9204: https://files.trendmicro.com/products/Apex%20One/apex_one_2019_win_en_criticalpatch_b9204.exe
For Apex One SaaS, you need to push the updates on the agent with the monthly patch 202103.