Trend Micro Releases Patches for Critical Vulnerabilities in Endpoint Products
Take action: If you are using Trend Micro, start the updates process. It takes a lot of time to push updates on all endpoints, so the earlier you start, the better your posture is.
Learn More
Trend Micro recently issued an advisory regarding a critical zero-day vulnerability, tracked as CVE-2023-41179 (CVSS3 score 9.1). This security flaw has a significant impact on Apex One, Apex One SaaS, and Worry-Free Business Security.
Trend Micro Apex One and Worry-Free Business Security are endpoint protection products aimed as SME and Medium companies.
The nature of this vulnerability allows malicious actors to execute arbitrary code by leveraging the product's capability to uninstall third-party security software. Essentially, it exploits a weakness in how these products handle the removal of external security software.
In their advisory, provided in Japanese, Trend Micro elaborated on the specifics of the attack. The attacker must first gain access to a product's administrative console and obtain the management console authentication credentials beforehand. This prerequisite is crucial, as the vulnerability itself cannot infiltrate a network independently.
Trend Micro has confirmed instances of this vulnerability being actively exploited in the wild. Trend Micro strongly recommending immediate updates to the latest versions to bolster security measures.
