- 232/2023
- Critical
Trend Micro has released security updates to address a critical zero-day vulnerability across Trend Micro Apex One (on-premise, SaaS), Trend Micro Worry-Free Business Security, and Trend Micro Worry-Free Business Security SaaS.
The addressed vulnerability could allow the remote authenticated attacker to
execute arbitrary code on the affected system.
Trend Micro Endpoint Security Products Code Execution (CVE-2023-41179):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Affected products:
- Trend Micro Apex One 2019.
- Trend Micro Worry-Free Business Security 10.0 SP1.
- Trend Micro Apex One SaaS.
- Trend Micro Worry-Free Business Security Services SaaS.
It should be highlighted that Trend Micro is aware of a public exploit that exists in the wild for “CVE-2023-41179” and encourages customers strongly to update their affected products to the latest versions as soon as possible.
Vulnerabilities
CVE-2023-41179
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.