Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code

Do you should are using Pattern Micro Apex One, undergo in mind that there may per chance presumably per chance be a vulnerability within the third-social gathering Antivirus uninstaller module. This vulnerability may per chance presumably per chance potentially enable for arbitrary code execution.

Whereas the National Vulnerability Database (NVD) has no longer but confirmed the severity of the subject, it is well-known to stay cautious and design end appropriate measures to supply protection to your machine.

On the opposite hand, it was once also chanced on that this vulnerability is being exploited within the wild ITW). “Pattern Micro has noticed at least one active strive of in all probability assaults in incompatibility vulnerability within the wild (ITW). Customers are strongly encouraged to interchange to the most up-to-date versions as quickly as in all probability.” reads the post by Pattern Micro.

Pattern Micro has released a security advisory for fixing this vulnerability. This vulnerability also exists in Alarm-Free Industry Security (WFBS) and Alarm-Free Industry Security Services and products (WFBSS).

CVE-2023-41179 – Arbitrary Code Execution Vulnerability

A threat actor can exploit this vulnerability to enact instructions on the inclined endpoints. To profit from this vulnerability, an attacker must procure derive entry to to the manager console derive entry to on the target machine as a prerequisite.

A success exploitation may per chance presumably per chance enable the attacker to enact instructions with machine privileges on the PC where the safety agent is put in. Pattern Micro has rated this vulnerability with a severity rating of 9.1 (Serious).

Affected Merchandise & Mounted in Variations

Customers of these products are beneficial to upgrade to the most up-to-date model of these products to end this vulnerability from getting exploited by threat actors.