Article Details
Scrape Timestamp (UTC): 2023-09-20 02:01:57.580
Original Article Text
Trend Micro fixes endpoint protection zero-day used in attacks
Trend Micro fixed a remote code execution zero-day vulnerability in its Apex One endpoint protection solution that was actively exploited in attacks.
Apex One is an endpoint security solution catering to businesses of all sizes, and the 'Worry-Free Business Security' suite is designed for small to medium-sized companies.
The arbitrary code execution flaw is tracked as CVE-2023-41179 and has received a severity rating of 9.1 according to CVSS v3, categorizing it as "critical." The flaw exists in a third-party uninstaller module supplied with the security software.
"Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild," reads the security bulletin. "Customers are strongly encouraged to update to the latest versions as soon as possible."
The flaw impacts the following products:
Fixes were made available in the following releases:
A mitigating factor is that to exploit CVE-2023-41179, the attacker must have previously stolen the product's management console credentials and used them to log in.
"Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine," explains Trend Micro.
The Japanese CERT has also issued an alert about the active exploitation of the flaw, urging users of the impacted software to upgrade to a secure release as soon as possible.
"If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed," explains JPCERT.
An effective workaround is limiting access to the product's administration console to trusted networks, locking out rogue actors who attempt to access the endpoint from external, arbitrary locations.
However, ultimately, admins need to install the security updates to prevent threat actors who already breached a network from utilizing the flaw to spread laterally to other devices.
Daily Brief Summary
Trend Micro has fixed a remote code execution zero-day vulnerability (CVE-2023-41179) rated as "critical," which was being actively exploited in attacks.
The flaw was detected in Trend Micro's Apex One endpoint protection solution, used by businesses of varying sizes.
The vulnerability resided in a third-party uninstaller module included with the security software. If exploited, it could allow an attacker who can log in to the product's administration console to execute arbitrary code with system privilege.
Trend Micro noted that exploitation of the vulnerability required the attacker to have previously stolen the product's management console credentials.
Customers are strongly advised to upgrade to the latest versions of the software as soon as possible as a mitigating measure. Other effective workarounds include limiting access to the product's administration console to trusted networks.
The Japanese CERT has issued an alert about the active exploitation and urged users to upgrade their software to a secure release immediately.