IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Trend Micro cautions against actively exploited Apex One RCE vulnerability

The firm also patched a high severity security flaw that lets perpetrators bypass authentication

Trend Micro has alerted its customers to an actively exploited Apex One security vulnerability, codenamed CVE-2022-40139.

An endpoint security platform, Apex One by Trend Micro provides businesses with automated threat detection and response against malware and malicious tools.

The recently identified security flaw in the platform allows for remote execution of arbitrary code on systems running unpatched software, the company warned.

"Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow a Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution.”

However, despite the severity of the threat, Trend Micro noted that threat actors must still obtain access to the Apex One server administration console for an exploit to be successful.

"Trend Micro has observed at least one active attempt of potential exploitation of this vulnerability in the wild. Customers are strongly encouraged to update to the latest versions as soon as possible," the company added.

Apex One users are advised to update their installation to the latest version, Apex One Service Pack 1 (Server Build 11092 and Agent Build 11088) to safeguard their systems.

Trend Micro also patched another high severity vulnerability in the Apex One product, tracked as CVE-2022-40144.  The security flaw allowed potential intruders to falsify request parameters to bypass authentication.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023