Trend Micro has fixed a remote code execution zero-day vulnerability in its Apex One endpoint security solution that was actively exploited in attacks.
Apex One is an endpoint security solution catering to businesses of all sizes, and the ‘Worry-Free Business Security’ suite is designed for small to medium-sized companies.
The arbitrary code execution flaw is tracked as CVE-2023-41179 and has received a severity rating of 9.1 according to CVSS v3, categorizing it as “critical.”
The flaw exists in a third-party uninstaller module shipped with the security software.
“Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild,” reads the security bulletin.
“Customers are strongly encouraged to update to the latest versions as soon as possible.”
The flaw impacts the following products:
- Trend Micro Apex One 2019
- Trend Micro Apex One SaaS 2019
- Worry-Free Business Security (WFBS) 10.0 SP1 (sold as Virus Buster Business Security (Biz) in Japan)
- Worry-Free Business Security Services (WFBSS) 10.0 SP1 (sold as Virus Buster Business Security Services (VBBSS) in Japan)
Fixes were made available in the following releases:
- Apex One 2019 Service Pack 1 – Patch 1 (Build 12380)
- Apex One SaaS 14.0.12637
- WFBS Patch 2495
- WFBSS July 31 update
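For administrators who need to find which installs still sit below the fixed releases listed above, the following script is an added example (not Trend Micro's or JPCERT's code). It compares each host in an inventory export against the fixed levels from the bulletin. The CSV layout, the way each product's version is expressed (numeric build for on-prem Apex One, dotted version for Apex One SaaS, patch number for WFBS, ISO date of the last applied update for WFBSS) and the year 2023 for the WFBSS July 31 update are assumptions made for this example; the host names and versions in the sample inventory are constructed.

```python
# Added example (not Trend Micro's or JPCERT's code): triage an inventory of
# Trend Micro endpoint-security installs against the fixed releases listed in the
# CVE-2023-41179 bulletin. The inventory format and version-string shapes are
# assumptions made for this example.
import csv
import io
from datetime import date

# Minimum fixed levels from the advisory.
FIXED_APEX_ONE_BUILD = 12380           # Apex One 2019 SP1 - Patch 1 (Build 12380)
FIXED_APEX_ONE_SAAS = (14, 0, 12637)   # Apex One SaaS 14.0.12637
FIXED_WFBS_PATCH = 2495                # WFBS Patch 2495
FIXED_WFBSS_DATE = date(2023, 7, 31)   # WFBSS "July 31 update"; the year 2023 is assumed


def parse_dotted(version: str) -> tuple:
    """'14.0.12637' -> (14, 0, 12637); tuple comparison orders components numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_fixed(product: str, version: str) -> bool:
    """True when the installed level is at or above the fixed release.

    Assumptions: on-prem Apex One is identified by its numeric build, Apex One
    SaaS by a dotted agent version, WFBS by its patch number and WFBSS by the
    ISO date of the last applied update.
    """
    if product == "Apex One":
        return int(version) >= FIXED_APEX_ONE_BUILD
    if product == "Apex One SaaS":
        return parse_dotted(version) >= FIXED_APEX_ONE_SAAS
    if product == "WFBS":
        return int(version) >= FIXED_WFBS_PATCH
    if product == "WFBSS":
        return date.fromisoformat(version.strip()) >= FIXED_WFBSS_DATE
    raise ValueError(f"unknown product: {product!r}")


# Constructed sample inventory (host, product, version), not real data.
SAMPLE_INVENTORY = """\
host,product,version
ws-01,Apex One,12380
ws-02,Apex One,12100
srv-03,Apex One SaaS,14.0.12500
srv-04,WFBS,2495
srv-05,WFBSS,2023-06-15
"""


def triage(csv_text: str) -> dict:
    """Split hosts into 'fixed' and 'vulnerable' buckets.

    Unknown products and unparseable versions land in 'unknown' so that they
    are never silently counted as patched.
    """
    report = {"fixed": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            bucket = "fixed" if is_fixed(row["product"], row["version"]) else "vulnerable"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(row["host"])
    return report


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `vulnerable` and `unknown` buckets are the ones to prioritise; since exploitation requires a logged-in console session, the same list is a useful scope for reviewing which hosts' management consoles are reachable from untrusted networks while the updates are rolled out.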
A mitigating factor is that to exploit CVE-2023-41179, the attacker must have previously stolen the product’s management console credentials and used them to log in.
“Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine,” explains Trend Micro.
The Japanese CERT has also issued an alert about the active exploitation of the flaw, urging users of the impacted software to upgrade to a secure release as soon as possible.
“If the vulnerability is exploited, an attacker who can log in to the product’s management console may execute arbitrary code with the system privilege on the PC where the security agent is installed,” explains JPCERT.
An effective workaround is restricting access to the product’s management console to trusted networks, locking out rogue actors who attempt to reach the endpoint from external, arbitrary locations.
Ultimately, however, admins need to install the security updates to prevent threat actors who have already breached a network from using the flaw to spread laterally to other devices.