JPCERT-AT-2023-0021
JPCERT/CC
2023-09-19

<<< JPCERT/CC Alert 2023-09-19 >>>

Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises

https://www.jpcert.or.jp/english/at/2023/at230021.html

I. Overview

On September 19, 2023, Trend Micro released information regarding a vulnerability (CVE-2023-41179) in multiple endpoint security products for enterprises. If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with system privileges on the PC where the security agent is installed. According to Trend Micro, an attack exploiting this vulnerability has been observed.

Trend Micro Incorporated
CRITICAL SECURITY BULLETIN: 3rd Party AV Uninstaller Module for Trend Micro Apex One and Worry-Free Business Security Arbitrary Code Execution Vulnerability (Text in Japanese)
https://success.trendmicro.com/jp/solution/000294706

Trend Micro Incorporated
[Alert] Apply a Critical Patch; An attack exploiting the vulnerability (CVE-2023-41179) in Trend Micro products has been observed (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4886

Since the vulnerability is already being exploited in the wild, users of the affected products are advised to update affected systems to the latest version as soon as possible. Please refer to the information provided by Trend Micro.

II. Affected Products

Affected products and versions are as follows:

- Trend Micro Apex One On Premise (2019)
- Trend Micro Apex One as a Service
- Worry-Free Business Security 10.0 SP1
- Worry-Free Business Security Services (SaaS)

III. Solution

Trend Micro has released patches that address the vulnerability. It is recommended to apply the patch as soon as possible.

- Trend Micro Apex One On Premise (2019) SP1 Patch 1 (b12380)
- Worry-Free Business Security 10.0 SP1 Patch 2495

According to Trend Micro, the issues in Apex One as a Service are already fixed in the July 31, 2023 updates.

IV. Workarounds

The following measure is mentioned as a workaround. For details, please refer to the information provided by Trend Micro.

- Permit access to the product's administration console only from trusted networks

V. References

Trend Micro Incorporated
CRITICAL SECURITY BULLETIN: 3rd Party AV Uninstaller Module for Trend Micro Apex One and Worry-Free Business Security Arbitrary Code Execution Vulnerability (Text in Japanese)
https://success.trendmicro.com/jp/solution/000294706

Trend Micro Incorporated
[Alert] Apply a Critical Patch; An attack exploiting the vulnerability (CVE-2023-41179) in Trend Micro products has been observed (Text in Japanese)
https://appweb.trendmicro.com/SupportNews/NewsDetail.aspx?id=4886

Japan Vulnerability Notes JVNVU#90967486
Trend Micro Endpoint security products for enterprises vulnerable to arbitrary code execution
https://jvn.jp/en/vu/JVNVU90967486/

If you have any information regarding this alert, please contact JPCERT/CC.

======================================================================
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/