Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in its Apex One and Worry-Free Business Security solutions for Windows that is being actively exploited in real-world attacks.
Tracked as CVE-2023-41179 (CVSS score: 9.1), the flaw relates to a third-party antivirus uninstaller module bundled with the software. The complete list of affected products is:
- Apex One – Version 2019 (on-premises), fixed in SP1 Patch 1 (B12380)
- Apex One as a Service – fixed in SP1 Patch 1 (B12380) and agent version 14.0.12637
- Worry-Free Business Security – Version 10.0 SP1, fixed in 10.0 SP1 patch 2495
- Worry-Free Business Security Services – fixed in the July 31, 2023, Monthly Maintenance Release
Trend Micro said that successful exploitation of this flaw could allow an attacker to manipulate the component and execute arbitrary commands on an affected installation. However, this requires that the attacker already has access to the administrative console on the target system.
The company also warned that “at least one active attempt has been observed that may have exploited this vulnerability in the wild,” making it important that users act quickly to apply the patch.
As a workaround, customers are advised to restrict access to the product’s management console to trusted networks.
CISA Adds 9 Flaws to KEV Catalog
The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) added nine flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild:
- CVE-2014-8361 (CVSS score: N/A) – Realtek SDK Improper Input Validation Vulnerability
- CVE-2017-6884 (CVSS score: 8.8) – Zyxel EMG2926 Router Command Injection Vulnerability
- CVE-2021-3129 (CVSS score: 9.8) – Laravel Ignition File Upload Vulnerability
- CVE-2022-22265 (CVSS score: 7.8) – Samsung Mobile Devices Use-After-Free Vulnerability
- CVE-2022-31459 (CVSS score: 6.5) – Owl Labs Meeting Owl Insufficient Encryption Strength Vulnerability
- CVE-2022-31461 (CVSS score: 6.5) – Owl Labs Meeting Owl Missing Authentication for Critical Functionality Vulnerability
- CVE-2022-31462 (CVSS score: 8.8) – Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
- CVE-2022-31463 (CVSS score: 7.1) – Owl Labs Meeting Owl Improper Authentication Vulnerability
- CVE-2023-28434 (CVSS score: 8.8) – MinIO Security Feature Bypass Vulnerability
It’s worth noting that a fifth flaw affecting Owl Labs Meeting Owl (CVE-2022-31460, CVSS score: 7.4), a case of hard-coded credentials, was previously added to the KEV catalog on June 8, 2022, just days after Modzero disclosed details of the flaw.
“By exploiting vulnerabilities, […] attackers can find registered devices, their data and owners from anywhere in the world,” the Swiss security consultancy said at the time.
“An attacker could also access sensitive whiteboard screenshots or use Owl to access the owner’s network. The PIN protection that protects Owl from unauthorized use can be circumvented by an attacker using (at least) 4 different approaches.”
To complicate matters further, arbitrary users can remotely, via Bluetooth, turn these devices into rogue wireless network gateways to the local corporate network, and the devices can be exploited to act as a backdoor into the owner’s local network. It is currently unknown how these vulnerabilities are exploited in the wild.
The security vulnerability affecting MinIO has been exploited in recent months, with Security Joes revealing this month that an anonymous attacker exploited it in combination with CVE-2023-28432 (CVSS score: 7.5) to run malicious code on susceptible servers and drop subsequent payloads.