Security software company Trend Micro today warned customers to patch an actively exploited Apex One security vulnerability as soon as possible.
Apex One is an endpoint security platform that provides enterprises with automated detection and response to threats from malicious tools, malware, and vulnerabilities.
This flaw (CVE-2022-40139) allows attackers to remotely execute arbitrary code on systems running unpatched software.
“Incorrect validation of certain components used by the restore mechanism in Trend Micro Apex One clients and Trend Micro Apex One as a service could allow an Apex One server administrator to instruct affected clients to download an unverified restore package, which could lead to remote code execution,” the company explained in a security advisory released today.
Fortunately, hackers must first gain access to the Apex One server admin console to successfully exploit this bug.
While this definitely increases the skill level required to abuse CVE-2022-40139 in attacks, Trend Micro today advised customers that it has already observed at least one active exploit attempt in the wild.
“Trend Micro has observed at least one active attempt to potentially exploit this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible,” the company said.
Users should immediately update their installation to the latest version, Apex One Service Pack 1 (Server Build 11092 and Agent Build 11088).
Authentication bypass bug also fixed today
Today, Trend Micro fixed another high-severity vulnerability in the Apex One product (CVE-2022-40144), allowing potential attackers to bypass authentication by tampering with query parameters on affected installations.
“Exploitation of these types of vulnerabilities typically requires an attacker to have access (physically or remotely) to a vulnerable machine. However, while an exploit may require several specific conditions, Trend Micro strongly encourages customers to update to the latest releases as soon as possible,” Trend Micro added.
“In addition to the timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure perimeter policies and security are up to date.”
In April, the security software publisher fixed another actively exploited security vulnerability in the management console of Apex Central products that allows remote attackers to execute arbitrary code on compromised systems.
CISA later added the bug to its catalog of known exploited vulnerabilities, requiring federal civilian agencies to fix the actively used Apex Central bug within the next three weeks, until April 21, 2022.