A patch from Trend Micro or how to prevent hackers from getting into the heart of the admin console

Apex One and Worry-Free products are safe, but what about other developers' software?

Trend Micro released a patch to address a critical vulnerability in the Apex One and Worry-Free Business Security products for Windows. The flaw in question is CVE-2023-41179, which is already being exploited in real cyber attacks.

The defect has a high risk level: 9.1 on the CVSS scale. It resides in the module that uninstalls third-party antivirus software. Full list of affected products:
  • Apex One version 2019 (local installation), fixed in Service Pack 1 for SP1
  • Apex One as a Service, fixed in Service Pack 1 and Agent version 14.0.12637
  • Worry-Free Business Security version 10.0 SP1, fixed in package 2495
  • Worry-Free Business Security Services, fixed in the July update

According to Trend Micro, successful exploitation of the flaw will allow an attacker to manipulate a vulnerable software component. However, this will require extended permissions. The company has already recorded attempts at such attacks "in the wild", so users and full-time IT specialists are advised to install updates as a matter of urgency.

As a temporary measure, we recommend restricting access to the administrative console to trusted devices and networks only.

Experts note that CVE-2023-41179 in Trend Micro products is not the only vulnerability actively used by hackers to break into corporate systems. CISA recently added 9 more bugs in other manufacturers' software to the KEV catalog:
  • Invalid input validation vulnerability in the Realtek SDK
  • Command injection vulnerability in Zyxel routers
  • Laravel Ignition File Upload Vulnerability
  • Use-after-free vulnerability in Samsung mobile devices
  • Several vulnerabilities in Owl Labs Meeting Owl devices
  • MinIO security bypass vulnerability

One of the vulnerabilities in Owl Labs was added to KEV back in June last year after details were published by Modzero.

Experts warn that attackers can use flaws in products to access confidential information and corporate systems of organizations around the world.

In addition, a vulnerability in the MinIO software has recently been actively exploited. Security Joes analysts found that hackers combine it with another vulnerability to run malicious code on unprotected servers.
 