CVE-2024-58104

7.3 HIGH

📋 TL;DR

This vulnerability in Trend Micro Apex One Security Agent allows a local attacker with low-privileged access to bypass security controls and execute arbitrary code on affected systems. It affects installations where the attacker already has some foothold on the target machine. Organizations using Trend Micro Apex One Security Agent are potentially impacted.

💻 Affected Systems

Products:
  • Trend Micro Apex One Security Agent
Versions: Specific versions not provided in CVE description - check vendor advisory
Operating Systems: Windows (implied by Trend Micro Apex One platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Trend Micro Apex One Security Agent with vulnerable plug-in User Interface Manager component

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise leading to data theft, ransomware deployment, or persistent backdoor installation

🟠 Likely Case: Privilege escalation allowing attackers to move laterally within the network or install additional malware

🟢 If Mitigated: Limited impact due to proper access controls and monitoring preventing initial low-privileged access

🌐 Internet-Facing: LOW - Requires local access to exploit
🏢 Internal Only: HIGH - Once an attacker gains initial access to a workstation, they can exploit this to escalate privileges

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires attacker to first obtain ability to execute low-privileged code on target system

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://success.trendmicro.com/en-US/solution/KA-0018217

Restart Required: No

Instructions:

1. Review Trend Micro advisory KA-0018217
2. Update Trend Micro Apex One Security Agent to the latest version
3. Ensure all endpoints are updated through the central management console

🔧 Temporary Workarounds

Restrict local user privileges (applies to: all): Implement the least privilege principle to prevent initial low-privileged code execution

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Enhance endpoint detection and response (EDR) monitoring for suspicious process behavior

🔍 How to Verify

Check if Vulnerable:

Check Trend Micro Apex One Security Agent version against vendor advisory

Check Version:

Check through Trend Micro Apex One management console or local agent interface

Verify Fix Applied:

Verify agent version is updated to patched version specified in vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Trend Micro agent components
  • Privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from endpoints with Trend Micro agent

SIEM Query:

Process creation where parent process contains 'Trend Micro' and child process is suspicious or elevated
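The SIEM rule above is stated in prose; the following is an added example (not part of this CVE page or Trend Micro's own tooling) that implements the same logic over a handful of constructed, Sysmon-style process-creation events. Executable names, install paths and integrity levels in the sample data are assumptions for illustration only. A child that is itself a vendor binary is excluded from the "elevated" test, because the agent legitimately spawns its own elevated helpers; everything else that a 'Trend Micro' parent starts is flagged if it is a well-known scripting/interactive binary or runs elevated.

```python
"""Detection logic for: process creation where the parent path contains
'Trend Micro' and the child is suspicious or elevated.

Field names mirror Sysmon Event ID 1 (Image, ParentImage, IntegrityLevel,
CommandLine). All sample events below are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Child binaries a security agent should not normally launch (assumed list).
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
    "cscript.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
}
# Integrity levels treated as "elevated" (Windows mandatory integrity labels).
ELEVATED_LEVELS = {"High", "System"}
VENDOR_MARKER = "trend micro"


@dataclass
class ProcessEvent:
    record_id: int
    image: str            # full path of the created process
    parent_image: str     # full path of the parent process
    integrity_level: str  # e.g. "Medium", "High", "System"
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_vendor_path(path: str) -> bool:
    """True when the path points inside the vendor's install tree."""
    return VENDOR_MARKER in path.lower()


def classify(ev: ProcessEvent) -> List[str]:
    """Return the reasons an event matches the rule (empty list = no match)."""
    reasons: List[str] = []
    if not is_vendor_path(ev.parent_image):
        return reasons  # rule only concerns children of Trend Micro parents
    if basename(ev.image) in SUSPICIOUS_CHILDREN:
        reasons.append("suspicious child")
    # The agent's own helpers run elevated by design; only flag elevated
    # children that live outside the vendor install tree.
    if ev.integrity_level in ELEVATED_LEVELS and not is_vendor_path(ev.image):
        reasons.append("elevated non-vendor child")
    return reasons


def flag_events(events: Iterable[ProcessEvent]) -> Dict[int, List[str]]:
    """Map record_id -> match reasons for every event that triggers the rule."""
    return {ev.record_id: r for ev in events if (r := classify(ev))}


# Constructed sample telemetry (paths and names are assumed, not real IoCs).
AGENT = r"C:\Program Files (x86)\Trend Micro\Security Agent\Agent.exe"
SAMPLE_EVENTS = [
    ProcessEvent(1, r"C:\Program Files (x86)\Trend Micro\Security Agent\Helper.exe",
                 AGENT, "System", "Helper.exe -scan"),           # normal agent helper
    ProcessEvent(2, r"C:\Windows\System32\cmd.exe",
                 AGENT, "System", "cmd.exe /c whoami"),           # shell from agent, elevated
    ProcessEvent(3, r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\explorer.exe", "Medium", "cmd.exe"),  # user shell, unrelated parent
    ProcessEvent(4, r"C:\Users\Public\update.exe",
                 AGENT, "High", "update.exe"),                    # unknown elevated child
]

if __name__ == "__main__":
    for rid, reasons in flag_events(SAMPLE_EVENTS).items():
        print(f"record {rid}: {', '.join(reasons)}")
```

In a real deployment the vendor-path exclusion should be tightened to the actual install directory and signed-binary checks, and the suspicious-child list tuned against a baseline of what the agent spawns on your endpoints; the structure of the check stays the same.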
