If you are using Trend Micro Apex One, be aware that there may be a vulnerability in the third-party Antivirus uninstaller module. This vulnerability could potentially allow for arbitrary code execution.
While the National Vulnerability Database (NVD) has not yet confirmed the severity of the issue, it is important to remain cautious and take appropriate measures to protect your system.
However, it was also found that this vulnerability is being exploited in the wild ITW). “Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild (ITW). Customers are strongly encouraged to update to the latest versions as soon as possible.” reads the post by Trend Micro.
Trend Micro has released a security advisory for fixing this vulnerability. This vulnerability also exists in Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS).
Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.
CVE-2023-41179 – Arbitrary Code Execution Vulnerability
A threat actor can exploit this vulnerability to execute commands on the vulnerable endpoints. To exploit this vulnerability, an attacker must have access to the administrative console access on the target system as a prerequisite.
Successful exploitation may allow the attacker to execute commands with system privileges on the PC where the security agent is installed. Trend Micro has rated this vulnerability with a severity score of 9.1 (Critical).
Affected Products & Fixed in Versions
|Product||Affected Version(s)||Platform||Fixed in Version*||Notes|
|Apex One||2019 (On-prem)||Windows||SP1 Patch 1 (B12380)||Readme|
|Apex One as a Service||SaaS||Windows||July 2023 Monthly Patch (202307)Agent Version: 14.0.12637||Readme|
|Worry-Free Business Security(WFBS)||10.0 SP1||Windows||10.0 SP1 Patch 2495||Readme|
|Worry-Free Business Security Services(WFBSS)||SaaS||Windows||July 31, 2023Monthly Maintenance Release|
Users of these products are recommended to upgrade to the latest version of these products to prevent this vulnerability from getting exploited by threat actors.