Trend Micro's Deep Security Agent enables infiltration of malicious code

Attackers can plant malicious code in Trend Micro's Deep Security Agent, for example in the local network. Admins should update quickly.


Trend Micro's Deep Security Agent has a vulnerability that allows attackers to inject malicious code. The manufacturer is providing updated software that IT managers should install quickly.

In a security announcement, Trend Micro's developers write that the vulnerability allows attackers to escalate their privileges on vulnerable machines and execute arbitrary code. Under unspecified circumstances, attackers who have access to the domain can also remotely inject code on other machines in the domain (CVE-2024-51503, CVSS 8.0, risk "high").

To exploit the vulnerability, attackers need physical or remote access to a vulnerable machine, Trend Micro notes as a limitation. However, the severity rating of the vulnerability also shows that this is not too high a hurdle. The manufacturer accordingly writes: "Trend Micro strongly recommends that customers update to the latest builds as soon as possible."


Affected are the Deep Security Agent for Windows before the corrected version 20.0.1-21510 and Deep Security Notifier on DSVA version 20.0.0-8438 for Windows VMs. Deep Security 20.0.1-21510 for Windows (20 LTS Update 2024-10-16) is available for download. Those using the Deep Security Notifier on DSVA should install the full Deep Security Agent package 20.0.1, which also updates the Notifier. Trend Micro emphasizes that these are the minimum versions for these bug fixes and recommends downloading and installing the latest available version of the software.
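
For triaging a fleet against the fixed Windows build named above, the following added example (not from Trend Micro or the original article) compares agent versions numerically, since a plain string comparison would rank build 9999 above build 21510. The CSV layout, host names, the dotted version variant and the status labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io
import re

# Minimum fixed Windows build named in the article: 20.0.1-21510.
FIXED_BUILD = (20, 0, 1, 21510)
# Accepts "20.0.1-21510"; the dotted form "20.0.1.21510" is an assumed variant.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)[-.](\d+)$")

# Constructed sample inventory export (hosts and column names are assumptions).
SAMPLE_INVENTORY = """host,platform,agent_version
app-01,Windows,20.0.1-21510
app-02,Windows,20.0.0-8438
app-03,Windows,20.0.1-9999
db-01,Linux,20.0.0-8438
web-03,Windows,20.0.1.22001
ws-17,Windows,unknown
"""


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string does not parse."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in match.groups()) if match else None


def triage(inventory_csv):
    """Map each host to 'ok', 'update', 'not-windows' or 'check-manually'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        if row["platform"].strip().lower() != "windows":
            result[host] = "not-windows"  # the article names only Windows builds
            continue
        version = parse_version(row["agent_version"])
        if version is None:
            result[host] = "check-manually"  # never count an unparsable value as patched
        elif version < FIXED_BUILD:
            result[host] = "update"  # numeric tuple comparison, not string order
        else:
            result[host] = "ok"
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `ok` only meet the minimum fixed build; the vendor recommendation quoted above is to install the latest available version.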

This is the second time in a short space of time that Trend Micro has had to patch vulnerabilities in the Deep Security Agent. A month ago, a high-risk vulnerability was discovered that allowed attackers to escalate their privileges.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.