CVE-2022-44654 was assigned to a weakness that I discovered in the User-Mode Hooking (UMH) Monitoring Engine module of Trend Micro Apex One and Apex One as a Service. This module, which helps to monitor for malicious payloads on Windows by injecting itself into each user-mode process and hooking certain Windows APIs, is missing an important security feature called SafeSEH.

The lack of SafeSEH protection leaves the module open to attack. An attacker could potentially abuse this weakness while exploiting a SEH-based buffer overflow to bypass security measures and cause harm to the affected software or the device running it. This weakness affects Apex One 2019 (on-premises) and Apex One as a Service.

Trend Micro was notified of this weakness on August 8, 2022 and a fix was released on October 25, 2022. It is important for users of affected versions of Apex One to install this patch or the latest available cumulative one as soon as possible. The vulnerability has a severity of 7.5 out of 10.

I would like to thank Trend Micro’s Product Security Incident Response Team for their professional communication and for Trend Micro’s commitment to addressing this weakness.

Disclosure Timeline

08.08.2022 Initial notification by email
09.08.2022 Receipt confirmation. Vulnerability is being confirmed
25.10.2022 Vulnerability confirmed. Patch released
09.11.2022 Trend Micro’s public disclosure
16.12.2022 Own public disclosure 🙂
