Trend Micro warns that attackers are currently targeting the Windows security solutions Apex One (on-premise and SaaS), Worry-Free Business Security and Wory-Free Business Security Services (SaaS). Admins should quickly secure the applications against the attacks.
Advertisement
Trend Micro says they have only seen one attempted attack so far. But that can change quickly.
Malicious code vulnerability
The software manufacturer writes in a warning messagethat the security solutions from a “critical” Vulnerability (CVE-2023-41179) is threatened. Despite the critical classification, there is a hurdle and attackers must have admin access to the console. This can happen, for example, with access data copied in the course of a social engineering attack.
If access is given, they can execute malicious code from an unspecified third-party in the context of a vulnerable uninstall module. Systems are usually completely compromised afterwards.
Trend Micro states that the following versions are protected against the attacks:
- Apex One SP1 Patch 1 (B12380)
- Apex One as a Service (July 2023 Monthly Patch (202307) Agent Version: 14.0.12637
- WFBS 10.0 SP1 Patch 2495
- WFBSS July 31, 2023 Monthly Maintenance Release
Remote access security risk
For further protection, the general rule is that remote access to protection solutions should be deactivated. This reduces the attack surface. If there is no other option, admins should provide access via an encrypted connection and only allow access for certain accounts. In addition, strong passwords should always be used.
(of)