Trend Micro fixes actively exploited remote code execution bug

Reading Time: 2 minutes

Trend Micro

Image: Adrien Olichon

Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.

Apex Central is a web-based management console that helps system admins manage Trend Micro products and services (including antivirus and content security products and services) throughout the network.

They can also use it to deploy components (e.g., antivirus pattern files, scan engines, and antispam rules) via manual or pre-scheduled updates.

The vulnerability (CVE-2022-26871) is a high severity arbitrary file upload weakness in the file handling module that unauthenticated attackers can abuse for remote code execution.

On Thursday, Trend Micro said it observed attempts to exploit the vulnerability in the wild as part of an ongoing attack.

“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already,” the company said.

CISA orders federal agencies to patch

The Japanese antivirus vendor also urged customers of affected products (on-premise and as a Service) to update to the latest released version as soon as possible.

“Please note that the SaaS version has already been deployed on the backend and no further action is required from SaaS customers on this issue,” the company added for SaaS customers.

When asked how many customers were targeted in these attacks and if any of their networks were breached following these exploitation attempts, Trend Micro spokesperson Funda Cizgenakad told BleepingComputer that the company is “not able to comment on customers” since “this is confidential.”

On Thursday, following Trend Micro’s disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal civilian agencies to patch the actively exploited Apex Central bug within the next three weeks, until April 21, 2022.

The cybersecurity agency also urged private and public sector organizations in the US to prioritize patching this actively exploited bug to decrease their networks’ exposure to ongoing attacks.

CISA added the Trend Micro flaw to its Known Exploited Vulnerabilities Catalog, a list of security bugs exploited in the wild, with seven others, including a critical Sophos firewall bug.

Related Posts