Overview

Trend Micro has issued an advisory concerning a critical vulnerability affecting Apex One and several other endpoint security products. Tracked as CVE-2023-41179, the flaw has been exploited by attackers in the wild.

CVE-2023-41179 lies in the products' third-party antivirus uninstaller module, the component these products use to remove other vendors' security software. An attacker who can log in to the product's management console can abuse this module to execute arbitrary code on affected installations. Exploitation therefore requires authenticated access to the console: the attacker must already hold valid console credentials (stolen or otherwise obtained), and the vulnerability by itself does not provide initial access to the target network.

Updates that fix the problem are now available for all affected products. Trend Micro typically discloses few details about how its vulnerabilities are exploited, but flaws in its products have previously been linked to exploitation by Chinese threat actors.

Products impacted are as follows:  

  • Trend Micro Apex One 2019 
  • Trend Micro Apex One SaaS 2019 
  • Worry-Free Business Security (WFBS) 10.0 SP1 (referred to as Virus Buster Business Security (Biz) in Japan) 
  • Worry-Free Business Security Services (WFBSS) 10.0 SP1 (referred to as Virus Buster Business Security Services (VBBSS) in Japan)  

Trend Micro's security advisory states that there is evidence of at least one active attempt to exploit CVE-2023-41179 in the wild. Customers are strongly encouraged to apply the appropriate updates to keep their systems secure.

Avertium's Recommendations

Fixes are available in the following releases: 

  • Apex One 2019 Service Pack 1 – Patch 1 (Build 12380) 
  • Apex One SaaS 14.0.12637 
  • WFBS Patch 2495 
  • WFBSS July 31 update 
    • According to Trend Micro, these are the minimum versions of the patches and/or builds required to address the issue. Trend Micro strongly encourages customers to obtain the latest version of the product if one newer than those listed in this bulletin is available.
    • Trend Micro advises all customers to visit Trend Micro's Download Center to obtain prerequisite software (such as Service Packs) before applying the above fixes.
    • For more information, please see Trend Micro's advisory.
  • As a workaround, restrict access to the product's management console to trusted networks. This prevents an attacker on an arbitrary external network from reaching the console at all.
    • The workaround is not a substitute for the patch: an attacker who is already inside the network and holds console credentials can still exploit CVE-2023-41179. Only the security updates remove that exposure, so admins are strongly advised to install them.
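The workaround above is stated at the level of "trusted networks only". As an added example (not from Trend Micro's advisory or Avertium's own tooling), the following PowerShell restricts inbound access to an on-premises Apex One console at the host firewall, run in an elevated session on the Apex One server. It assumes the console listens on TCP 4343 (HTTPS) and 8080 (HTTP), which are Apex One's default console ports but must be verified against the server's configuration, and that 10.10.50.0/24 is the only subnet administrators use; both are placeholders to adjust. It applies only to the on-premises products (Apex One, WFBS); the SaaS consoles are hosted by Trend Micro.

```powershell
# Added example: scope the Apex One web console to a management subnet using
# Windows Defender Firewall. Run elevated on the Apex One server host.
# Assumptions (verify for your deployment): console ports TCP 4343/8080,
# trusted management network 10.10.50.0/24.

$ConsolePorts   = @(4343, 8080)          # assumed console ports; check the server config
$TrustedSubnets = @('10.10.50.0/24')      # assumed management subnet(s); adjust to yours

# 1. Disable any existing broad inbound allow rule on the console ports. Such a
#    rule would keep admitting traffic from everywhere regardless of the scoped
#    rule added below.
foreach ($port in $ConsolePorts) {
    $broad = Get-NetFirewallPortFilter -Protocol TCP -LocalPort $port |
        Get-NetFirewallRule |
        Where-Object {
            $_.Direction -eq 'Inbound' -and
            $_.Action    -eq 'Allow'   -and
            $_.Enabled   -eq 'True'
        }
    foreach ($rule in $broad) {
        Write-Host "Disabling existing inbound allow rule: $($rule.DisplayName)"
        Disable-NetFirewallRule -Name $rule.Name
    }
}

# 2. Add one allow rule per console port that matches only the trusted subnet(s).
foreach ($port in $ConsolePorts) {
    New-NetFirewallRule -DisplayName "Apex One console TCP $port (mgmt subnet only)" `
        -Direction Inbound -Protocol TCP -LocalPort $port `
        -RemoteAddress $TrustedSubnets -Action Allow -Profile Any | Out-Null
}

# 3. Ensure the default inbound action is Block on every profile, so console
#    traffic from any source not matched by the scoped allow rule is dropped.
#    Deliberately no blanket "block 4343 from Any" rule: in Windows Firewall a
#    matching block rule overrides allow rules, so it would lock out the admins too.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 4. Verify which rules now govern the console ports.
foreach ($port in $ConsolePorts) {
    Write-Host "Rules matching TCP $port:"
    Get-NetFirewallPortFilter -Protocol TCP -LocalPort $port |
        Get-NetFirewallRule |
        Select-Object DisplayName, Enabled, Direction, Action |
        Format-Table -AutoSize
}
```

The same policy can be expressed on a perimeter or segmentation firewall instead of the host; the point is identical. Test from a host outside the trusted subnet that the console port is now unreachable, and from a management host that it still is. None of this helps against an attacker who already sits on the management subnet with stolen console credentials, which is exactly the scenario CVE-2023-41179 describes, so apply the patch regardless.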

Indicators of Compromise (IoCs)

At this time, there are no known IoCs associated with CVE-2023-41179. Avertium remains vigilant in identifying IoCs for our customers. Should any be identified, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.

How Avertium is Protecting Our Customers

Expanding endpoints, cloud computing environments, and accelerated digital transformation have eroded the perimeter, leaving an ever-expanding attack surface. Avertium offers Attack Surface Management, so you'll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:

  • Risk Assessments
  • Pen Testing and Social Engineering
  • Infrastructure Architecture and Integration
  • Zero Trust Network Architecture
  • Vulnerability Management

Supporting Documentation

Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises (jpcert.or.jp). 

Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products - SecurityWeek 

CRITICAL SECURITY BULLETIN: 3rd Party AV Uninstaller Module for Trend Micro Apex One and Worry-Free Business Security Arbitrary Code Execution Vulnerability 

Download Center | Trend Micro 

Trend Micro fixes endpoint protection zero-day used in attacks (bleepingcomputer.com) 
