Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code

Last Updated: September 26, 2023By

Multiple Trend Micro Endpoint Security Vulnerabilities Let Attackers Run Arbitrary Code

If you are using Trend Micro Apex One, be aware that there may be a vulnerability in the third-party Antivirus uninstaller module. This vulnerability could potentially allow for arbitrary code execution.

While the National Vulnerability Database (NVD) has not yet confirmed the severity of the issue, it is important to remain cautious and take appropriate measures to protect your system.

However, it was also found that this vulnerability is being exploited in the wild ITW). “Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild (ITW). Customers are strongly encouraged to update to the latest versions as soon as possible.” reads the post by Trend Micro.

Trend Micro has released a security advisory for fixing this vulnerability. This vulnerability also exists in Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS).



Document

FREE Webinar

Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.


CVE-2023-41179 – Arbitrary Code Execution Vulnerability

A threat actor can exploit this vulnerability to execute commands on the vulnerable endpoints. To exploit this vulnerability, an attacker must have access to the administrative console access on the target system as a prerequisite. 

Successful exploitation may allow the attacker to execute commands with system privileges on the PC where the security agent is installed. Trend Micro has rated this vulnerability with a severity score of 9.1 (Critical).

Affected Products & Fixed in Versions

Product Affected Version(s) Platform Fixed in Version* Notes
Apex One 2019 (On-prem) Windows SP1 Patch 1 (B12380) Readme
Apex One as a Service SaaS Windows July 2023 Monthly Patch (202307)Agent Version: 14.0.12637 Readme
Worry-Free Business Security(WFBS) 10.0 SP1 Windows 10.0 SP1 Patch 2495 Readme
Worry-Free Business Security Services(WFBSS) SaaS Windows July 31, 2023Monthly Maintenance Release

Users of these products are recommended to upgrade to the latest version of these products to prevent this vulnerability from getting exploited by threat actors.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.




Source link

Leave A Comment