Attackers could target a vulnerability in Trend Micro’s Windows protection solutions.
On Windows, attackers who successfully exploit a vulnerability in Trend Micro’s Apex One and Worry-Free Business anti-virus applications could gain higher user privileges.
According to an alert, the vulnerability (CVE-2022-36336) has a threat level of “high“. In order for an attack to succeed, however, an attacker needs access to a computer; either locally or remotely. No further details on attack scenarios are currently known.
Trend Micro states that the following versions are at risk:
- Apex One 2019 (On prem)
- Apex One as a Service SaaS
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services SaaS
The security patch should be in the automatic update Spyware Pattern 25.27 condition. If at least this version is installed, systems are protected against the attack.