Trend Micro Critical Vulnerability CVE-2023-41179
Trend Micro has recently addressed a critical security vulnerability, tracked as CVE-2023-41179, impacting their Apex One and Worry-Free Business Security solutions for Windows. This vulnerability has been actively exploited in real-world attacks, posing a significant threat to affected systems. This advisory provides essential details about the vulnerability, affected products, and recommended actions to mitigate the risk.
Vulnerability Details:
- CVE Identifier: CVE-2023-41179
- Severity: Critical (CVSS score: 9.1)
- Vulnerability Type: Remote Code Execution
- Affected Products:
- Apex One 2019 (on-premise)
- Apex One as a Service
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services
Description:
The vulnerability exists within a third-party antivirus uninstaller module bundled with Trend Micro’s Apex One and Worry-Free Business Security solutions. If successfully exploited, an attacker with administrative console access can execute arbitrary commands on the affected installation. It’s crucial to note that the attacker must already have administrative console access to the target system for exploitation.
Impact:
Exploitation of CVE-2023-41179 can lead to unauthorized code execution on affected systems, potentially compromising sensitive data and system integrity. Trend Micro has observed active attempts to exploit this vulnerability in real-world attacks, emphasizing the importance of immediate action.
Recommended Actions:
- Apply Patches: Trend Micro has released patches and hotfixes to address this vulnerability. Affected users should apply the appropriate updates as soon as possible. The specific releases containing fixes are as follows:
- Apex One 2019 – SP1 Patch 1 (Build 12380)
- Apex One as a Service – SP1 Patch 1 (Build 12380) and Agent version 14.0.12637
- Worry-Free Business Security – 10.0 SP1 Patch 2495
- Worry-Free Business Security Services – July 31, 2023, Monthly Maintenance Release
- Access Control: As a temporary workaround, it is recommended to limit access to the product’s administration console to trusted networks. This measure can help prevent unauthorized access while awaiting the installation of security updates.
Additional Information:
Trend Micro has reported active exploitation of CVE-2023-41179 in the wild. The Japanese CERT has also issued an alert urging users of the impacted software to upgrade to a secure release promptly. This vulnerability underscores the critical importance of keeping security software up to date to protect against emerging threats.
The SOC teams of OBRELA remain vigilant and are closely monitoring clients’ infrastructure regarding potential exploitation attempts.
References:
- https://www.bleepingcomputer.com/news/security/trend-micro-fixes-endpoint-protection-zero-day-used-in-attacks/
- https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-41179
- https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
- https://www.jpcert.or.jp/english/at/2023/at230021.html
