Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
If you are using Trend Micro Apex One, be aware that there may be a vulnerability in the third-party Antivirus uninstaller module. This vulnerability could potentially allow for arbitrary code execution.
While the National Vulnerability Database (NVD) has not yet confirmed the severity of the issue, it is important to remain cautious and take appropriate measures to protect your system.
However, it was also found that this vulnerability is being exploited in the wild ITW). “Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild (ITW). Customers are strongly encouraged to update to the latest versions as soon as possible.” reads the post by Trend Micro.
Trend Micro has released a security advisory for fixing this vulnerability. This vulnerability also exists in Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS).
📁🄳🄾🄲🅄🄼🄴🄽🅃
CVE-2023-41179 – Arbitrary Code Execution Vulnerability
A threat actor can exploit this vulnerability to execute commands on the vulnerable endpoints. To exploit this vulnerability, an attacker must have access to the administrative console access on the target system as a prerequisite.
Successful exploitation may allow the attacker to execute commands with system privileges on the PC where the security agent is installed. Trend Micro has rated this vulnerability with a severity score of 9.1 ( Critical ).
Affected Products & Fixed in Versions
Product Affected Version(s) Platform Fixed in Version* Notes Apex One2019 (On-prem)WindowsSP1 Patch 1 (B12380)ReadmeApex One as a ServiceSaaSWindowsJuly 2023 Monthly Patch (202307)Agent Version: 14.0.12637ReadmeWorry-Free Business Security(WFBS)10.0 SP1Windows10.0 SP1 Patch 2495ReadmeWorry-Free Business Security Services(WFBSS)SaaSWindowsJuly 31, 2023Monthly Maintenance Release
Users of these products are recommended to upgrade to the latest version of these products to prevent this vulnerability from getting exploited by threat actors.
#Cyber_Security_News #Threats #Vulnerability #cyber_security #cyber_security_news #Trend_Micro #vulnerability
Оригинальная версия на сайте:
Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code
Author: EswarIf you are using Trend Micro Apex One, be aware that there may be a vulnerability in the third-party Antivirus uninstaller module. This vulnerability could potentially allow for arbitrary code execution.
While the National Vulnerability Database (NVD) has not yet confirmed the severity of the issue, it is important to remain cautious and take appropriate measures to protect your system.
However, it was also found that this vulnerability is being exploited in the wild ITW). “Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild (ITW). Customers are strongly encouraged to update to the latest versions as soon as possible.” reads the post by Trend Micro.
Trend Micro has released a security advisory for fixing this vulnerability. This vulnerability also exists in Worry-Free Business Security (WFBS) and Worry-Free Business Security Services (WFBSS).
📁🄳🄾🄲🅄🄼🄴🄽🅃
CVE-2023-41179 – Arbitrary Code Execution Vulnerability
A threat actor can exploit this vulnerability to execute commands on the vulnerable endpoints. To exploit this vulnerability, an attacker must have access to the administrative console access on the target system as a prerequisite.
Successful exploitation may allow the attacker to execute commands with system privileges on the PC where the security agent is installed. Trend Micro has rated this vulnerability with a severity score of 9.1 ( Critical ).
Affected Products & Fixed in Versions
Product Affected Version(s) Platform Fixed in Version* Notes Apex One2019 (On-prem)WindowsSP1 Patch 1 (B12380)ReadmeApex One as a ServiceSaaSWindowsJuly 2023 Monthly Patch (202307)Agent Version: 14.0.12637ReadmeWorry-Free Business Security(WFBS)10.0 SP1Windows10.0 SP1 Patch 2495ReadmeWorry-Free Business Security Services(WFBSS)SaaSWindowsJuly 31, 2023Monthly Maintenance Release
Users of these products are recommended to upgrade to the latest version of these products to prevent this vulnerability from getting exploited by threat actors.
#Cyber_Security_News #Threats #Vulnerability #cyber_security #cyber_security_news #Trend_Micro #vulnerability
Оригинальная версия на сайте:
