Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element

Overview

Trend Micro Incorporated has released the security updates for Deep Security 20.0 Agent (for Windows).

Description

Trend Micro Incorporated has released the security updates for Deep Security 20.0 Agent (for Windows) that contains a fix for an uncontrolled search path element vulnerability (CWE-427, CVE-2024-55955).

Impact

A non-administrative user of Windows system where the affected product is installed may obtain the administrative privilege.

Solution

Update the software
Update Deep Security 20.0 Agent (for Windows) to the latest version according to the information provided by the developer.
The developer has released the following version that addresses the vulnerability.

• Deep Security 20.0 Agent (for Windows) Build: 20.0.1-23340 (20 LTS Update 2024-11-13)

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.