A recent security flaw has been discovered in Trend Micro Apex One, which could potentially allow for the execution of random code on affected systems. Although the National Vulnerability Database (NVD) has not yet provided a detailed analysis of the severity of the issue, users are advised to take precautionary measures to safeguard their systems.
It has been found that this security vulnerability is already being exploited in the real world. Trend Micro has identified at least one ongoing attempt to exploit this vulnerability, leading them to urge customers to update their software as soon as possible. To address this issue, Trend Micro has released a security warning that outlines steps to fix the problem. Additionally, Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS) are also vulnerable due to this flaw.
The vulnerability, known as CVE-2023-41179, allows threat actors to send commands to susceptible endpoints. However, in order for an attacker to exploit this flaw, they must have access to the administrative console on the target machine. If successful, the attacker may be able to run commands on the affected PC with system privileges. Trend Micro has assigned a severity score of 9.1 (Critical) to this vulnerability due to its potential impact.
To address this vulnerability, Trend Micro has provided a list of affected products and the corresponding fixed versions. For Apex One 2019 (On-prem), Windows users should update to SP1 Patch 1 (B12380). Apex One as a Service users on Windows should update to July 2023 Monthly Patch (202307) with Agent Version 14.0.12637. Users of Worry-Free Business Security (WFBS) 10.0 SP1 for Windows should update to Patch 2495, while Worry-Free Business Security Services (WFBSS) users on Windows should switch to the July 31, 2023 Monthly Maintenance Release.
It is crucial for users of these products to update to the latest versions promptly to prevent potential exploitation by malicious actors. By staying informed and taking the necessary steps to protect their systems, users can mitigate the risks associated with this vulnerability.
To stay updated on the latest cybersecurity news, users can follow Cyber Security News on Google News, Linkedin, Twitter, and Facebook.
Please note that this article is based on information provided by Trend Micro and the National Vulnerability Database (NVD). Users are encouraged to consult appropriate sources for detailed instructions and recommendations specific to their systems and software.