Security News > 2023 > September > Trend Micro fixes endpoint protection zero-day used in attacks

Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.

Apex One is an endpoint security solution catering to businesses of all sizes, and the 'Worry-Free Business Security' suite is designed for small to medium-sized companies.

"Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild," reads the security bulletin.

"Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine," explains Trend Micro.

"If the vulnerability is exploited, an attacker who can log in to the product's administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed," explains JPCERT. An effective workaround is limiting access to the product's administration console to trusted networks, locking out rogue actors who attempt to access the endpoint from external, arbitrary locations.

Adobe warns of critical Acrobat and Reader zero-day exploited in attacks.

News URL

https://www.bleepingcomputer.com/news/security/trend-micro-fixes-endpoint-protection-zero-day-used-in-attacks/