PT-2023-5267 · Trend Micro · Trend Micro Apex One+2

Published: 2023-09-19 · Updated: 2026-05-25 · CVE-2023-41179

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Trend Micro Apex One (on-prem and SaaS) versions (affected versions not specified)
Worry-Free Business Security versions (affected versions not specified)
Worry-Free Business Security Services versions (affected versions not specified)

Description

A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro products could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. The vulnerability has been exploited in real-world attacks.

Recommendations

For Trend Micro Apex One (on-prem and SaaS), update to the latest version to fix the vulnerability. For Worry-Free Business Security, update to the latest version to fix the vulnerability. For Worry-Free Business Security Services, update to the latest version to fix the vulnerability. As a temporary workaround, consider disabling the vulnerable 3rd party AV uninstaller module until a patch is available.

Fix

Weakness Enumeration

Code Injection
OS Command Injection

Related Identifiers

BDU:2023-05884
CVE-2023-41179

Affected Products

Trend Micro Apex One
Worry-Free Business Security
Worry-Free Business Security Services