Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability

Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 CVSS score: 9.1, it relates to a third-party...

CVE-2022-24678

CVE-2022-24678 affects Trend Micro Apex One and related agents (Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Services). The vulnerability is a denial-of-service caused by resource exhaustion in the agent’s logging path: an attacker can flood a temporary log location by issuing...

CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged...

CVE-2021-45440

A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 on-prem versions only could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges. Please note: an attacker must first obtain the...

Privilege escalation

A link following privilege escalation vulnerability in Trend Micro Apex One on-prem and SaaS and Trend Micro Worry-Free Business Security 10.0 SP1 and Services could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on th...

CVE-2021-44024

CVE-2021-44024 affects Trend Micro Apex One (on‑prem and SaaS) and Trend Micro Worry‑Free Business Security (10.0 SP1/Services). The issue is a denial‑of‑service flaw exploitable via symbolic link abuse in the Real‑time Scan Service, allowing a local attacker who already has low‑privilege code ex...

CVE-2021-32464

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execu...

Trend Micro Worry-Free Business Security Advanced Server Installed (Windows)

Binary data trendmicroserverwininstalled.nbin...

JVN#28865183: Insecure DLL Loading issue in multiple Trend Micro products

Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue CWE-427. When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers of the other applications may b...