Trend Micro cautions against actively exploited Apex One RCE vulnerability

Trend Micro has alerted its customers to an actively exploited Apex One security vulnerability, tracked as CVE-2022-40139.

An endpoint security platform, Apex One by Trend Micro provides businesses with automated threat detection and response against malware and malicious tools.

The recently identified security flaw in the platform allows for remote execution of arbitrary code on systems running unpatched software, the company warned.

"Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution."

However, despite the severity of the threat, Trend Micro noted that threat actors must still obtain access to the Apex One server administration console for an exploit to be successful.

"Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible," the company added.

Apex One users are advised to update their installation to the latest version, Apex One Service Pack 1 (Server Build 11092 and Agent Build 11088), to safeguard their systems.

Trend Micro also patched another high-severity vulnerability in the Apex One product, tracked as CVE-2022-40144. The security flaw allowed potential intruders to falsify request parameters to bypass authentication.