Trend Micro: Update closes exploited critical vulnerability CVE-2023-41179

[German]Short notice for users and administrators of Trend Micro security products Apex One and Worry-Free Business Security on Windows. There is a critical vulnerability (CVE-2023-41179) in the products that is already being exploited in the wild. However, the manufacturer offers updates for the affected products that eliminate this critical vulnerability.

From the tweet below, it can be seen that the CVE-2023-41179 vulnerability has a CVSS score of 9.1, which means it is critical (10 is the maximum). The vulnerability is located in a third-party uninstaller program and affects the Apex One and Worry-Free Business Security products.

The vulnerability in the third-party AV uninstaller module used in Trend Micro Apex One, Worry-Free Business Security, and Worry-Free Business Security Services allows an attacker to manipulate the module to execute arbitrary commands on an affected installation. However, an attacker must first gain administrative console access on the target system to exploit this vulnerability. According to Trend Micro , the following products for Windows in the specified versions are affected by the vulnerability:

• Apex One: 2019 (On-prem)
• Apex One as a Service (SaaS)
• Worry-Free Business Security (WFBS) 10.0 SP1
• Worry-Free Business Security Services (WFBSS) SaaS

In the meantime, Trend Micro has released corresponding updates for these products, which are available either automatically via the product's update function or as a download:

• Apex One: SP1 Patch 1 (B12380); Readme
• Apex One as a Service: July 2023 Monthly Patch (202307); Agent Version:  14.0.12637, Readme
• WFBS: 10.0 SP1 Patch 2495; Readme
• WFBSS: July 31, 2023 Monthly Maintenance Release

The above list is intended to include Trend Micro's recommended minimum version(s) of the patches and/or builds required to address the issue. Trend Micro strongly recommends that its customers purchase the latest version of the respective product if a newer version than the one listed in this bulletin is available.

It should also be noted that the vulnerability mentioned above may have been fixed in an earlier monthly SaaS update than the one currently available. Updated software can ensure that the vulnerability in question has been fixed.