Trend Micro

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks.

Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software. The complete list of impacted products is as follows -

  • Apex One - version 2019 (on-premise), fixed in SP1 Patch 1 (B12380)
  • Apex One as a Service - fixed in SP1 Patch 1 (B12380) and Agent version 14.0.12637
  • Worry-Free Business Security - version 10.0 SP1, fixed in 10.0 SP1 Patch 2495
  • Worry-Free Business Security Services - fixed in July 31, 2023, Monthly Maintenance Release

Trend Micro said that a successful exploitation of the flaw could allow an attacker to manipulate the component to execute arbitrary commands on an affected installation. However, it requires that the adversary already has administrative console access on the target system.

Cybersecurity

The company also warned that it has "observed at least one active attempt of potential exploitation of this vulnerability in the wild," making it essential that users move quickly to apply the patches.

As a workaround, it's recommending that customers limit access to the product's administration console to trusted networks.

CISA Adds Nine Flaws to KEV Catalog

The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added nine flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild -

  • CVE-2014-8361 (CVSS score: N/A) - Realtek SDK Improper Input Validation Vulnerability
  • CVE-2017-6884 (CVSS score: 8.8) - Zyxel EMG2926 Routers Command Injection Vulnerability
  • CVE-2021-3129 (CVSS score: 9.8) - Laravel Ignition File Upload Vulnerability
  • CVE-2022-22265 (CVSS score: 7.8) - Samsung Mobile Devices Use-After-Free Vulnerability
  • CVE-2022-31459 (CVSS score: 6.5) - Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
  • CVE-2022-31461 (CVSS score: 6.5) - Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
  • CVE-2022-31462 (CVSS score: 8.8) - Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
  • CVE-2022-31463 (CVSS score: 7.1) - Owl Labs Meeting Owl Improper Authentication Vulnerability
  • CVE-2023-28434 (CVSS score: 8.8) - MinIO Security Feature Bypass Vulnerability

It's worth noting that a fifth flaw impacting Owl Labs Meeting Owl (CVE-2022-31460, CVSS score: 7.4), a case of hard-coded credentials, was previously added to the KEV catalog on June 8, 2022, merely days after Modzero disclosed details of the flaws.

Cybersecurity

"By exploiting the vulnerabilities[...], an attacker can find registered devices, their data, and owners from around the world," the Swiss security consultancy firm said at the time.

"Attackers can also access confidential screenshots of whiteboards or use the Owl to get access to the owner's network. The PIN protection, which protects the Owl from unauthorized use, can be circumvented by an attacker by (at least) four different approaches."

Even more troublingly, the devices can be turned into rogue wireless network gateways to a local corporate network remotely via Bluetooth by arbitrary users and can be abused to act as a backdoor to owners' local networks. It's currently not known how these vulnerabilities are exploited in the wild.

The security weakness impacting MinIO has come under abuse in recent months, with Security Joes revealing that an unnamed threat actor is exploiting it in conjunction with CVE-2023-28432 (CVSS score: 7.5) to achieve unauthorized code execution on susceptible servers and drop follow-on payloads.

Update

The five security flaws impacting Owl Labs Meeting Owl have been removed from the KEV Catalog as of October 4, 2023, citing lack of sufficient evidence. More details about the removal are available in our story here.


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.