Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks

Trend Micro announced on Tuesday that it has patched several flaws in its Apex One endpoint security product, including a zero-day vulnerability.

Trend Micro announced on Tuesday that it has patched several flaws in its Apex One endpoint security product, including a zero-day vulnerability.

The exploited vulnerability is tracked as CVE-2022-40139 and it has been described as an improper validation issue related to the product’s rollback function. This high-severity vulnerability can only be exploited by an attacker who is able to log into the product’s admin console.

The attacker can instruct affected clients to download an unverified rollback package, which could lead to remote code execution, according to an advisory released by Trend Micro.

“Since the attacker must have previously stolen the authentication information for the product’s management console, it is not possible to infiltrate the target network using this vulnerability alone,” the cybersecurity firm explained in a Japanese-language advisory.

No information is available on the attacks exploiting CVE-2022-40139, and Trend Micro told  SecurityWeek that it’s not disclosing any details.

It’s not uncommon for threat actors to exploit vulnerabilities in Trend Micro products, with several attacks being reported in the past few years. The security holes appear to have mostly been exploited in targeted attacks, and in some cases Chinese threat actors have been confirmed as the main suspect.

In addition to the zero-day vulnerability, the Apex One patches also address three other high-severity and two medium-severity issues.

Advertisement. Scroll to continue reading.

The most serious of them is CVE-2022-40144, which could allow an attacker to bypass authentication using specially crafted requests. In theory, it may be possible to chain such vulnerabilities with the aforementioned zero-day to achieve the authentication requirement, but Trend Micro has not mentioned anything about CVE-2022-40144 being exploited in attacks.

The other vulnerabilities patched by Trend Micro can be exploited for privilege escalation, DoS attacks, and obtaining information about a targeted server.

According to CISA’s Known Exploited Vulnerabilities Catalog, eight other Trend Micro flaws have been exploited in the wild in the past years, most of which impact Apex products.

*updated with link and information from English-language advisory. Also added that Trend Micro is not sharing information about the attacks 

Related: Trend Micro Confirms In-the-Wild Zero-Day Attacks

Related: Trend Micro OfficeScan Flaw Apparently Exploited in Mitsubishi Electric Hack

Related: Trend Micro Patches Vulnerabilities in Hybrid Cloud Security Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.