Security News > 2022 > April > Trend Micro fixes actively exploited remote code execution bug
Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.
Apex Central is a web-based management console that helps system admins manage Trend Micro products and services throughout the network.
On Thursday, Trend Micro said it observed attempts to exploit the vulnerability in the wild as part of an ongoing attack.
On Thursday, following Trend Micro's disclosure, the Cybersecurity and Infrastructure Security Agency ordered federal civilian agencies to patch the actively exploited Apex Central bug within the next three weeks, until April 21, 2022.
The cybersecurity agency also urged private and public sector organizations in the US to prioritize patching this actively exploited bug to decrease their networks' exposure to ongoing attacks.
CISA added the Trend Micro flaw to its Known Exploited Vulnerabilities Catalog, a list of security bugs exploited in the wild, with seven others, including a critical Sophos firewall bug.
News URL
Related news
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)
- Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution (source)
- Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager (source)
- New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (source)
- Mailcow Mail Server Flaws Expose Servers to Remote Code Execution (source)