Trend Micro Addresses Actively Exploited Remote Code Execution Flaw
Trend Micro has successfully patched a zero-day vulnerability that allowed remote code execution in its Apex One endpoint protection solution. This vulnerability was actively exploited in attacks.
Apex One is an endpoint security solution designed to serve businesses of all sizes. It also includes the ‘Worry-Free Business Security’ suite, tailored for small to medium-sized companies.
The vulnerability, identified as CVE-2023-41179, carries a CVSS v3 score of 9.1, which places it in the “critical” severity band.
The flaw was found in a third-party uninstaller module that comes bundled with the security software.
Trend Micro’s security bulletin stated, “Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible.”
The following products are affected by this vulnerability:
- Trend Micro Apex One 2019
- Trend Micro Apex One SaaS 2019
- Worry-Free Business Security (WFBS) 10.0 SP1 (marketed as Virus Buster Business Security (Biz) in Japan)
- Worry-Free Business Security Services (WFBSS) 10.0 SP1 (marketed as Virus Buster Business Security Services (VBBSS) in Japan)
Trend Micro has released fixes in the following versions:
- Apex One 2019 Service Pack 1 – Patch 1 (Build 12380)
- Apex One SaaS 14.0.12637
- WFBS Patch 2495
- WFBSS July 31 update
It’s important to note that exploiting CVE-2023-41179 requires the attacker to have previously stolen the product’s management console credentials and used them to log in.
Trend Micro explained, “Exploiting these types of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine.”
The Japanese Computer Emergency Response Team (CERT) has also issued an alert regarding the active exploitation of this vulnerability. They have urged users of the affected software to upgrade to a secure release as soon as possible.
JPCERT stated, “If the vulnerability is exploited, an attacker who can log in to the product’s administration console may execute arbitrary code with system privilege on the PC where the security agent is installed.”
As a temporary measure, organizations can limit access to the product’s administration console to trusted networks, preventing unauthorized access from external and arbitrary locations.
However, the definitive fix is for administrators to install the security updates, which prevent threat actors who have already gained a foothold in a network from using the vulnerability to move laterally to other devices.
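One way to turn the interim mitigation above into a monitoring check, as an added example that is not from the article or from Trend Micro: it parses constructed console-login records (the log format, field names and trusted address ranges are all assumptions) and flags successful logins whose source address lies outside the trusted management networks, which is exactly the precondition the advisory describes.

```python
import ipaddress
import re

# Trusted management networks; these ranges are constructed for the example.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/24"),     # admin VLAN
    ipaddress.ip_network("192.168.50.0/24"),  # SOC jump hosts
]

# Constructed sample console-login records; the layout is an assumption and
# is not Trend Micro's actual log format.
SAMPLE_LOG = """\
2023-09-20T08:01:12Z console_login user=admin src=10.10.0.15 result=success
2023-09-20T08:05:44Z console_login user=admin src=198.51.100.23 result=success
2023-09-20T08:06:02Z console_login user=backup_op src=203.0.113.7 result=failure
2023-09-20T09:12:30Z console_login user=admin src=192.168.50.2 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) console_login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

def is_trusted(src: str) -> bool:
    """True when the source address lies inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable address is never treated as trusted
    return any(addr in net for net in TRUSTED_NETWORKS)

def find_untrusted_logins(log_text: str) -> list[dict]:
    """Return successful console logins whose source is outside the trusted networks.
    Failed attempts are ignored here: only a valid login matches the advisory's precondition."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not console-login records
        rec = m.groupdict()
        if rec["result"] == "success" and not is_trusted(rec["src"]):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in find_untrusted_logins(SAMPLE_LOG):
        print(f"{rec['ts']} ALERT console login by {rec['user']} from untrusted {rec['src']}")
```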
Source: bleepingcomputer.com