[German]Trend Micro has released a patch with build 2178 for its Worry Free Business Security version 10.0 Service Pack 1 on October 26, 2019. This patch is supposed to close a 0-day vulnerability in the web console.
Blog reader Tom B. thankfully sent me a short e-mail. The readme file states that the patch contains solutions to known issues that became known after the installation of the Worry-Free Business Security 10.0 Service Pack 1 release. Among the known issues Trend Micro writes:
2.2 Resolved Known Issues
This critical patch resolves the following issue:
Issue: A possible zero-day vulnerability may allow an attacker
to bypass unauthorized log-on protection and launch a
Path Traversal Attack on the Worry-Free Business Security
Solution: This critical patch updates the Worry-Free Business
Security server program to remove the vulnerability.
So in Trend MicroWorry Free Business Security version 10.0 Service Pack 1, there may be a 0-day vulnerability that allows an attacker to bypass logon and perform a path traversal attack on the TM WFBS Web console. Trend Micro recommends that users install Patch 2178 immediately. You can download the WFBS_100_SP1_WIN_ALL_Patch_2178.exe file from the Product Patch tab on this Trend Micro page.