CVE-2023-41179: Critical 0-day Trend Micro Endpoint Security Vulnerability
In the ever-evolving landscape of cyber threats, it’s not uncommon to encounter vulnerabilities that pose significant risks to organizations. One such vulnerability is CVE-2023-41179, which carries a CVSS score of 9.1. The flaw affects Trend Micro’s Endpoint security products, which are designed primarily for enterprises.
The products affected by this critical vulnerability are as follows:
- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services (SaaS)
At the heart of this vulnerability lies the 3rd Party AV Uninstaller Module within Trend Micro Endpoint security products. The flaw allows arbitrary code execution: an attacker with access to the product’s administration console can execute any code with system privilege on the PC where the security agent is installed.
Trend Micro Incorporated has confirmed that it has observed attacks exploiting this vulnerability, which underscores the urgency of addressing the issue.
In a commendable response, Trend Micro Incorporated has been swift to release patches to remedy this vulnerability:
- Trend Micro Apex One On Premise (2019) SP1 Patch 1 (b12380)
- Worry-Free Business Security 10.0 SP1 Patch 2495
Additionally, the developer has addressed the issue in the August 2023 Monthly Patch (202307), Agent Version 14.0.12637, for Trend Micro Apex One as a Service, and in the July 31, 2023 Monthly Maintenance Release for Worry-Free Business Security Services (SaaS).
It’s paramount for users of these products to implement these patches immediately.
Until the patches are applied, a workaround exists: allow access to the product’s administration console only from trusted networks. This drastically lowers the likelihood of an unauthorized entity exploiting CVE-2023-41179. Moreover, Trend Micro suggests a rapid update to the latest build and recommends restricting access to the management console to further protect systems. Specific steps for restricting access via IIS can be found here.
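One way to apply the trusted-network restriction on the IIS server that hosts the management console, as an added example (not Trend Micro's documented steps). The site name and subnets are placeholders, and a Windows Server host with the WebAdministration module is assumed:

```powershell
# Added example: limit an IIS site to trusted management networks using
# IIS "IP Address and Domain Restrictions" (system.webServer/security/ipSecurity).
# Assumptions: $SiteName and the subnets below are placeholders, not values from the article.
Import-Module WebAdministration

$SiteName = '<console-site-name>'   # placeholder: IIS site serving the management console
$Trusted  = @(
    @{ ipAddress = '127.0.0.1';  subnetMask = '255.255.255.255' },  # console opened on the server itself
    @{ ipAddress = '10.20.30.0'; subnetMask = '255.255.255.0'   }   # constructed admin subnet
)
$Filter = 'system.webServer/security/ipSecurity'
$Root   = 'MACHINE/WEBROOT/APPHOST'   # write to applicationHost.config under a <location> tag

# The rules are only enforced when the role service is installed.
if (-not (Get-WindowsFeature -Name Web-IP-Security).Installed) {
    throw 'Install the "IP and Domain Restrictions" role service (Web-IP-Security) first.'
}
if (-not (Test-Path "IIS:\Sites\$SiteName")) {
    throw "IIS site '$SiteName' not found."
}

# Add the allow entries before flipping the default, so the change never
# locks out the administrators who are applying it.
foreach ($net in $Trusted) {
    $existing = Get-WebConfiguration -PSPath $Root -Location $SiteName -Filter "$Filter/add" |
        Where-Object { $_.ipAddress -eq $net.ipAddress -and $_.subnetMask -eq $net.subnetMask }
    if (-not $existing) {
        Add-WebConfiguration -PSPath $Root -Location $SiteName -Filter $Filter -Value @{
            ipAddress  = $net.ipAddress
            subnetMask = $net.subnetMask
            allowed    = $true
        }
    }
}

# Default-deny: any client address not listed above is refused.
Set-WebConfigurationProperty -PSPath $Root -Location $SiteName -Filter $Filter `
    -Name allowUnlisted -Value $false

# Print the effective policy for review.
Get-WebConfigurationProperty -PSPath $Root -Location $SiteName -Filter $Filter -Name allowUnlisted |
    Select-Object -ExpandProperty Value
Get-WebConfiguration -PSPath $Root -Location $SiteName -Filter "$Filter/add" |
    Select-Object ipAddress, subnetMask, allowed
```

If security agents reach the server through the same IIS site, their address ranges must be in the allow list as well, or the restriction should be scoped to the console's path rather than the whole site.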