US CISA added the high-severity flaw CVE-2023-41179, affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog.
Trend Micro this week has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.
An attacker can trigger this vulnerability after it has logged into the product’s administrative console. The vendor recommends that customers update their installs to the latest version as soon as possible.
To mitigate the risk of exploitation the company recommends allowing access only from trusted networks.
Trend Micro has not shared any information regarding the attacks exploiting this vulnerability.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this flaw by October 12, 2023.