
Trend Micro fixes endpoint security zero-day used in attacks


Trend Micro

Trend Micro fixed a remote code execution zero-day vulnerability in its Apex One endpoint security solution that was actively exploited in attacks.

Apex One is an endpoint security solution catering to businesses of all sizes, and the ‘Worry-Free Business Security’ suite is designed for small to medium-sized companies.

The arbitrary code execution flaw is tracked as CVE-2023-41179 and has received a severity rating of 9.1 according to CVSS v3, categorizing it as “critical.”

The flaw exists in a third-party uninstaller module supplied with the security software.

“Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild,” reads the security bulletin.

“Customers are strongly encouraged to update to the latest versions as soon as possible.”

The flaw impacts the following products:

  • Trend Micro Apex One 2019
  • Trend Micro Apex One SaaS 2019
  • Worry-Free Business Security (WFBS) 10.0 SP1 (sold as Virus Buster Business Security (Biz) in Japan)
  • Worry-Free Business Security Services (WFBSS) 10.0 SP1 (sold as Virus Buster Business Security Services (VBBSS) in Japan)

Fixes were made available in the following releases:

  • Apex One 2019 Service Pack 1 – Patch 1 (Build 12380)
  • Apex One SaaS 14.0.12637
  • WFBS Patch 2495
  • WFBSS July 31 update

A mitigating factor is that to exploit CVE-2023-41179, the attacker must have previously stolen the product’s administration console credentials and used them to log in.

“Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine,” explains Trend Micro.

The Japanese CERT has also issued an alert about the active exploitation of the flaw, urging users of the impacted software to upgrade to a secure release as soon as possible.

“If the vulnerability is exploited, an attacker who can log in to the product’s administration console may execute arbitrary code with the system privilege on the PC where the security agent is installed,” explains JPCERT.

An effective workaround is limiting access to the product’s administration console to trusted networks, locking out rogue actors who attempt to access the endpoint from external, arbitrary locations.

However, ultimately, admins need to install the security updates to prevent threat actors who have already breached a network from using the flaw to spread laterally to other devices.
