Connect with us

Hi, what are you looking for?


Endpoint Security

Trend Micro Patches Exploited Zero-Day Vulnerability in Endpoint Security Products

Trend Micro has patched CVE-2023-41179, an Apex One zero-day code execution vulnerability that has been exploited in attacks. 

Trend Micro on Tuesday released an advisory to warn customers that a critical vulnerability affecting Apex One and other endpoint security products has been exploited in the wild.

The zero-day flaw, tracked as CVE-2023-41179, impacts Apex One, Apex One SaaS, and Worry-Free Business Security products. 

The vulnerability, related to the products’ ability to uninstall third-party security software, can be exploited for arbitrary code execution.

“To exploit this vulnerability, an attacker would need to be able to log into the product’s administrative console. Because an attacker would need to have stolen the product’s management console authentication information in advance, they would not be able to infiltrate the target network using this vulnerability alone,” Trend Micro noted in a Japanese-language advisory.

It added, “Trend Micro has confirmed that this vulnerability has been used in actual attacks. We recommend updating to the latest version as soon as possible.”

Patches have been released for each of the impacted products. 

Trend Micro typically does not share information about the attacks exploiting vulnerabilities found in its products. 

Advertisement. Scroll to continue reading.

However, there have been a few instances where some information has come to light, including attribution to Chinese threat actors and the possible exploitation of a flaw in an attack targeting Mitsubishi Electric

Several Trend Micro product vulnerabilities have been exploited in attacks in the past few years. CISA currently lists nine such flaws in its Known Exploited Vulnerabilities Catalog. The latest zero-day has yet to be added.

Related: Trend Micro Patches Another Apex One Vulnerability Exploited in Attacks

Related: Trend Micro Patches Two Vulnerabilities Exploited in the Wild

Related: AV Under Attack: Trend Micro Confirms Apex One Exploitation

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.