Security News > 2023 > September > Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
Trend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.
"Trend Micro has observed at least one active attempt of potential exploitation of in the wild," the company shared.
Still, patching/updating is the best and preferred course of action because the vulnerability may also be exploited for lateral movement by attackers who have gained access to other company assets via other means.
"Even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible," the company stressed.
The vulnerability has been fixed in Trend Micro Apex One as a Service and Worry-Free Business Security Services with patches released in July 2023.
Admins of Trend Micro Apex One On Premise and Worry-Free Business Security should implement the latest patches - SP1 Patch 1 and 10.0 SP1 Patch 2495, respectively - as soon as possible.
News URL
https://www.helpnetsecurity.com/2023/09/21/cve-2023-41179/
Related news
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)