CVE-2022-40708 An OOB read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security could allow a local attacker to disclose sensitive information.

The most significant difference between the two is that CVE-2022-40707 requires user interaction in order to be exploited, while this vulnerability can be exploited by a local attacker without user interaction. In addition, this vulnerability is applicable to Cloud One installations running on Windows, while CVE-2022-40707 is applicable to Cloud One installations running on Linux.

Affected Trend Micro products These are the affected versions of Trend Micro products: Deep Security 20, Workload Security Agent for Windows, Cloud One (Cloud One on Windows) and XG Firewall (XG Firewall on Windows). To determine which version of a product is being used on a given Windows system, please refer to the following table. End-users and small businesses that are running Trend Micro products on Windows systems should upgrade to the latest versions as soon as possible. Large enterprises should deploy the latest versions of the affected Trend Micro products to their Windows environments. Workarounds

Install Trend Micro XG Firewall on Windows

As a workaround, you can install Trend Micro XG Firewall on Windows systems.

Disable SMB 1.0 and SMB 2.0 on Windows systems

Trend Micro’s response to this vulnerability is twofold. Trend Micro recommends disabling the following services in order to avoid exploitation:
- SMB 1.0 on Windows (Windows XP, Server 2003, Server 2008)
- SMB 2.0 on Windows (Windows Vista, Server 2008 and later).
- SMB 1.0 on Linux
- SMB 2.0 on Linux
End-users and small businesses that are running Trend Micro products on Windows systems should upgrade to the latest versions as soon as possible. Large enterprises should deploy the latest versions of the affected Trend Micro products to their Windows environments.

Temporary workaround for CVE-2022-40707 :

A workaround for the issue is to block TCP port 4553 on your Windows systems.

Disable TCP and UDP option 82

A workaround for this vulnerability is to disable TCP and UDP option 82 on the affected Trend Micro products. This will make it impossible for this issue to be exploited remotely without user interaction. To do this, administrators should follow these steps:

1. Set TCP/UDP option 82 to 'Disabled' in the registry key below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (32-bit)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters (64-bit)
2. Restart the affected Trend Micro product.

Install the latest Trend Micro product to run on Windows

As a workaround, you can install the latest version of Trend Micro products on Windows to run them with the current vulnerability.

Timeline

Published on: 09/28/2022 21:15:00 UTC
Last modified on: 09/29/2022 15:04:00 UTC

References

• https://www.zerodayinitiative.com/advisories/ZDI-22-1298/
• https://success.trendmicro.com/solution/000291590
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40708