CVE-2022-44654 is assigned to a weakness that I have discovered in the User-Mode Hooking (UMH) Monitoring Engine module of Trend Micro Apex One and Apex One as a Service. This module, which helps to monitor for malicious payloads on Windows by injecting itself into each user-mode process and hooking certain Windows APIs, is missing an important security feature called SafeSEH.
The lack of SafeSEH protection leaves the module open to attack. An attacker could potentially abuse this weakness while exploiting an SEH-based buffer overflow to bypass security measures and cause harm to the affected software or the device running it. This weakness affects Apex One 2019 (on-premises) and Apex One as a Service.
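To audit a 32-bit module for the missing protection described above, the check below reads the PE headers and reports whether a SafeSEH handler table is registered in the load configuration directory. It is an added example, not code from the original post or from Trend Micro; `safeseh_status` and `build_sample` are hypothetical names, and the sample image is constructed inline rather than taken from the affected module.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_DLLCHARACTERISTICS_NO_SEH = 0x0400
LOAD_CONFIG_DIR = 10  # index of IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG

def safeseh_status(pe: bytes) -> str:
    """Return 'safeseh', 'no_seh', 'missing' or 'not_applicable' for a PE image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, nt + 4)
    opt = nt + 24                                       # start of the optional header
    if machine != IMAGE_FILE_MACHINE_I386 or struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        return "not_applicable"                         # SafeSEH exists only for 32-bit x86
    if struct.unpack_from("<H", pe, opt + 70)[0] & IMAGE_DLLCHARACTERISTICS_NO_SEH:
        return "no_seh"                                 # image declares it has no SEH handlers
    if struct.unpack_from("<I", pe, opt + 92)[0] <= LOAD_CONFIG_DIR:
        return "missing"
    rva, _size = struct.unpack_from("<II", pe, opt + 96 + 8 * LOAD_CONFIG_DIR)
    off = None
    for i in range(nsec):                               # map the RVA to a file offset
        vsize, va, rsize, raw = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        if rva and va <= rva < va + max(vsize, rsize):
            off = raw + rva - va
    if off is None or struct.unpack_from("<I", pe, off)[0] < 72:
        return "missing"                                # no load config, or too old for SEH fields
    table, count = struct.unpack_from("<II", pe, off + 64)  # SEHandlerTable, SEHandlerCount
    return "safeseh" if table and count else "missing"

def build_sample(machine=0x014C, dll_chars=0, handlers=0) -> bytes:
    """Constructed minimal PE32 image used only for this demo (not a real module)."""
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HHIIIHH", img, 0x44, machine, 1, 0, 0, 0, 224, 0x2102)
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<H", img, opt + 70, dll_chars)
    struct.pack_into("<I", img, opt + 92, 16)
    struct.pack_into("<II", img, opt + 176, 0x1000, 72)             # load config directory entry
    struct.pack_into("<8sIIII", img, opt + 224, b".rdata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, 0x200, 72)                          # IMAGE_LOAD_CONFIG_DIRECTORY32.Size
    struct.pack_into("<II", img, 0x240, 0x10001100 if handlers else 0, handlers)
    return bytes(img)

if __name__ == "__main__":
    for name, img in [("no table", build_sample()), ("table", build_sample(handlers=3))]:
        print(name, "->", safeseh_status(img))
```

A result of `missing` on a 32-bit DLL that is loaded into other processes is the condition to flag; `not_applicable` covers 64-bit images, which use table-based exception handling instead.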
Trend Micro was notified of this weakness on August 8, 2022 and a fix was released on October 25, 2022. It is important for users of affected versions of Apex One to install this patch or the latest available cumulative one as soon as possible. The vulnerability has a severity of 7.5 out of 10.
I would like to thank Trend Micro’s Product Security Incident Response Team for their professional communication and for Trend Micro’s commitment to addressing this weakness.
Disclosure Timeline
| Date | Event |
| --- | --- |
| 08.08.2022 | Initial notification by email |
| 09.08.2022 | Receipt confirmation. Vulnerability is being confirmed |
| 25.10.2022 | Vulnerability confirmed. Patch released |
| 09.11.2022 | Trend Micro’s public disclosure |
| 16.12.2022 | Own public disclosure 🙂 |