Trend Micro has taken swift action to address a critical zero-day vulnerability in its Apex One endpoint protection solution, which had been actively exploited in attacks. This remote code execution flaw, identified as CVE-2023-41179 and rated 9.1 in severity according to CVSS v3, was traced back to a third-party uninstaller module associated with the security software.
Furthermore, the impacted products include Trend Micro Apex One 2019, Trend Micro Apex One SaaS 2019, Worry-Free Business Security (WFBS) 10.0 SP1, and Worry-Free Business Security Services (WFBSS) 10.0 SP1. Trend Micro has observed at least one instance of potential attacks leveraging this vulnerability in the wild, prompting a strong recommendation for customers to promptly update to the latest versions.
To exploit CVE-2023-41179, attackers must have previously obtained the product’s management console credentials, thereby limiting the risk to those with such access. However, the Japanese CERT has issued an alert concerning the active exploitation of this vulnerability and has urged users of affected software to upgrade to secure releases without delay.
Exploitation of the flaw could allow an attacker who can log into the product’s administration console to execute arbitrary code with system privileges on the affected PC.
While a temporary workaround involves restricting access to the product’s administration console to trusted networks, installing the provided security updates is the definitive step to prevent threat actors from exploiting the flaw and potentially compromising network integrity further.