Researchers have identified a security bug that targets Trend Micro’s Endpoint security products designed primarily for enterprises.
The vulnerability tracked as CVE-2023-41179 with a CVSS score of 9.1 resides with the 3rd Party AV Uninstaller Module within Trend Micro Endpoint security products. This flaw allows for arbitrary code execution. An attacker, with access to the product’s administration console, possesses the ability to execute any code with the system privilege on the PC where the security agent resides.
The products affected by this critical vulnerability are as follows:
- Trend Micro Apex One on Premise (2019)
- Trend Micro Apex One as a Service
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services (SaaS)
Trend Micro has confirmed that this vulnerability has been exploited by the attackers in wild. Trend Micro Incorporated has been swift to release patches to remedy this vulnerability:
Trend Micro Apex One On Premise (2019) SP1 Patch 1 (b12380)
It’s paramount for users of these products to implement these patches immediately. An interim workaround exists: to curb the exploitative potential of CVE-2023-41179 and ensure that access is granted only from trusted networks. This action drastically lowers the likelihood of an unauthorized entity exploiting the vulnerability.
Trend Micro suggests a rapid update to the latest build and recommends constricting access to the management console to further protect systems. Specific steps for restricting access via IIS can be found here.