JVNVU#96058081: Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control

Overview

Trend Micro Incorporated has released a security update for Deep Security 20 Agent (for Windows).

Products Affected

Deep Security Agent (for Windows) Build prior to 20.0.1-17380

Description

Trend Micro Incorporated has released a security update for Deep Security 20 Agent (for Windows) to fix a improper access control vulnerability (CVE-2024-48903).

Impact

A non-administrative user of Windows system where the affected product is installed may obtain the administrative privilege.

Solution

Update the software
Update Deep Security 20 Agent to the latest version according to the information provided by the developer.
The developer has released the following version that address the vulnerability.

Deep Security Agent Build: 20.0.1-17380 (20 LTS Update 2024-08-21)

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Deep Security 20 Agent Improper Access Control Local Privilege Escalation Vulnerability
	Deep Security Software

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#96058081 Trend Micro Deep Security 20 Agent for Windows vulnerable to improper access control