Trend Micro cautions against actively exploited Apex One RCE vulnerability

The firm also patched a high severity security flaw that lets perpetrators bypass authentication

14 Sep 2022

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 14 Sep 2022

Graphic showing a red unlocked padlock surrounded by blue locked padlocks

Shutterstock

Trend Micro has alerted its customers to an actively exploited Apex One security vulnerability, codenamed CVE-2022-40139.

An endpoint security platform, Apex One by Trend Micro provides businesses with automated threat detection and response against malware and malicious tools.

The recently identified security flaw in the platform allows for remote execution of arbitrary code on systems running unpatched software, the company warned.

"Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.”

However, despite the severity of the threat, Trend Micro noted that threat actors must still obtain access to the Apex One server administration console for an exploit to be successful.

"Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible," the company added.

Apex One users are advised to update their installation to the latest version, Apex One Service Pack 1 (Server Build 11092 and Agent Build 11088) to safeguard their systems.

Trend Micro also patched another high severity vulnerability in the Apex One product, tracked as CVE-2022-40144. The security flaw allowed potential intruders to falsify request parameters to bypass authentication.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666696461/itpro/Whitepaper%20covers/2022_Strategic_roadmap_for_data_security_platform_convergence_thumb.png { display: none !important; }

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1667226512/itpro/Whitepaper%20covers/3D_trends_report_thumb.png { display: none !important; }

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1643807802/itpro/Whitepaper%20covers/TEI_of_IBM_cloud_Pak_Watson_AIOps_Instana_thumb.png { display: none !important; }

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1666789357/itpro/Whitepaper%20covers/Leverage_automated_APM_to_accelerate_CI_CD_and_boost_application_performance_thumb.png { display: none !important; }

Free Download

Trend Micro cautions against actively exploited Apex One RCE vulnerability

The firm also patched a high severity security flaw that lets perpetrators bypass authentication

Most Popular

Get the IT Pro newsletter

Get the free daily newsletter from IT Pro, delivering the latest news, reviews, insights and case studies