Trend Micro warns that attackers are currently targeting the security solutions Apex One (on-premise and SaaS), Worry-Free Business Security and Worry-Free Business Security Services (SaaS) on Windows. Admins should quickly secure the applications against the attacks.
Trend Micro says they have only seen one attempted attack so far. But that can change quickly.
Malicious code vulnerability
In a warning message, the software manufacturer writes that the security solutions are threatened by a “critical” security vulnerability (CVE-2023-41179). Despite the critical rating, there is a hurdle: attackers must have admin access to the console. They could get it, for example, with credentials captured in the course of a social engineering attack.
Once they have that access, they can execute malicious code from an unspecified third party in the context of a vulnerable uninstall module. Systems are usually completely compromised afterwards.
Trend Micro states that the following versions are protected against the attacks:
Apex One SP1 Patch 1 (B12380)
Apex One as a Service (July 2023 Monthly Patch (202307) Agent Version: 14.0.12637)
WFBS 10.0 SP1 Patch 2495
WFBSS July 31, 2023 Monthly Maintenance Release
Remote access security risk
For further protection, the general rule is that remote access to protection solutions should be deactivated. This reduces the attack surface. If there is no other option, admins should provide access via an encrypted connection and only allow access for certain accounts. In addition, strong passwords should always be used.