Fixes have been issued by Trend Micro for an actively exploited critical remote code execution zero-day flaw affecting its Apex One endpoint protection solution, reports BleepingComputer.
Trend Micro Apex One 2019, Trend Micro Apex One SaaS 2019, Worry-Free Business Security 10.0 SP1 or Virus Buster Business Security in Japan, and Worry-Free Business Security Services 10.0 SP1 or Virus Buster Business Security Services in Japan, are vulnerable to the security bug, tracked as CVE-2023-41179, which has been found within the security software's third-party uninstaller module.
While the vulnerability has been detected to be leveraged in at least one attempted attack, Trend Micro noted that exploitation required prior theft and login of management console credentials.
Organizations have been urged by Japan's Computer Emergency Response Team to immediately remediate the bug.
"If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed," said JPCERT.
Vulnerability Management, Threat Management
Actively exploited Trend Micro Apex One zero-day addressed
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds