Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.
The nature of the flaw hasn’t been revealed, but we know it’s present in the third-party AV uninstaller module shipped with the products, and that it can be exploited to execute arbitrary code with SYSTEM privileges on the PC where a vulnerable security agent is installed. The affected products are:
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services (SaaS)
Patches and mitigations
“Trend Micro has observed at least one active attempt of potential exploitation of [CVE-2023-41179] in the wild,” the company shared.
To exploit the vulnerability, attackers must first log in to a vulnerable product’s administration console. Thus, restricting remote access to the console is a way to mitigate risk of exploitation.
Still, patching/updating is the best and preferred course of action because the vulnerability may also be exploited for lateral movement by attackers who have gained access to other company assets via other means.
“Even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible,” the company stressed.
The vulnerability has been fixed in Trend Micro Apex One as a Service and Worry-Free Business Security Services (SaaS) with patches released in July 2023.
Admins of Trend Micro Apex One On Premise and Worry-Free Business Security should implement the latest patches – SP1 Patch 1 (B12380) and 10.0 SP1 Patch 2495, respectively – as soon as possible.
Attackers have leveraged zero-days in Apex One in the past.