Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
Apex One is an endpoint security solution catering to businesses of all sizes, and the 'Worry-Free Business Security' suite is designed for small to medium-sized companies.
The arbitrary code execution flaw is tracked as CVE-2023-41179 and has received a severity rating of 9.1 according to CVSS v3, categorizing it as "critical."
The flaw exists in a third-party uninstaller module supplied with the security software.
"Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild,"
reads the security bulletin.
"Customers are strongly encouraged to update to the latest versions as soon as possible."
The flaw impacts the following products:
- Trend Micro Apex One 2019
- Trend Micro Apex One SaaS 2019
- Worry-Free Business Security (WFBS) 10.0 SP1 (sold as Virus Buster Business Security (Biz) in Japan)
- Worry-Free Business Security Services (WFBSS) 10.0 SP1 (sold as Virus Buster Business Security Services (VBBSS) in Japan)
Fixes were made available in the following releases:
- Apex One 2019 Service Pack 1 – Patch 1 (Build 12380)
- Apex One SaaS 14.0.12637
- WFBS Patch 2495
- WFBSS July 31 update
A mitigating factor is that to exploit CVE-2023-41179, the attacker must have previously stolen the product's management console credentials and used them to log in.
"Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine," explains Trend Micro.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
