Trend Micro fixes endpoint security zero-day exploited in attacks

Trend Micro has fixed a remote code execution zero-day vulnerability in its Apex One endpoint security solution that was actively exploited in attacks.

Apex One is an endpoint security solution catering to businesses of all sizes, and the 'Worry-Free Business Security' suite is designed for small to medium-sized companies.

The arbitrary code execution flaw is tracked as CVE-2023-41179 and has received a severity rating of 9.1 under CVSS v3, categorizing it as "critical."

The flaw exists in a third-party uninstaller module supplied with the security software.

"Trend Micro has observed at least one active attempt of potential attacks against this vulnerability in the wild," reads the security bulletin.

"Customers are strongly encouraged to update to the latest versions as soon as possible."

The flaw affects the following products:

  • Trend Micro Apex One 2019
  • Trend Micro Apex One SaaS 2019
  • Worry-Free Business Security (WFBS) 10.0 SP1 (sold as Virus Buster Business Security (Biz) in Japan)
  • Worry-Free Business Security Services (WFBSS) 10.0 SP1 (sold as Virus Buster Business Security Services (VBBSS) in Japan)

Fixes were made available in the following releases:

  • Apex One 2019 Service Pack 1 – Patch 1 (Build 12380)
  • Apex One SaaS 14.0.12637
  • WFBS Patch 2495
  • WFBSS July 31 update

A mitigating factor is that to exploit CVE-2023-41179, the attacker must have previously stolen the product's management console credentials and used them to log in.

"Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine," explains Trend Micro.

The Japanese CERT has also issued an alert regarding the active exploitation of the flaw, urging users of the impacted software to upgrade to a secure release as soon as possible.

"If the vulnerability is exploited, an attacker who can log in to the product's management console may execute arbitrary code with the system privilege on the PC where the security agent is installed," explains JPCERT.

An effective workaround is restricting access to the product's management console to trusted networks, locking out rogue actors who attempt to reach the console from external, arbitrary locations.
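One way to apply that workaround on a Windows host running the management console is a Windows Defender Firewall rule that admits the console port only from designated administration subnets. The script below is an added example, not Trend Micro's guidance or code; the port number and the subnet ranges are placeholders (the article does not state the console's listening port), and the rule name is invented here.

```powershell
# Added example (not Trend Micro's code): restrict inbound access to the
# management console's TCP port to trusted admin networks.
# ASSUMPTIONS: $ConsolePort and $TrustedSubnets are placeholders. Confirm the
# console's real listening port in the product configuration and substitute
# your own administration network ranges before running this.
$ConsolePort    = 8443                                # PLACEHOLDER console HTTPS port
$TrustedSubnets = @('10.10.0.0/24', '10.20.5.0/24')   # PLACEHOLDER admin subnets
$RuleName       = 'Management console - trusted admin networks only'

# With the profile default set to block unsolicited inbound traffic, the scoped
# allow rule below becomes the only path to the console port.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Create the scoped allow rule once; re-running the script does not duplicate it.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $ConsolePort -RemoteAddress $TrustedSubnets -Profile Any
}

# Any other enabled inbound allow rule on the same port would widen access again,
# so enumerate such rules and report their remote-address scope for review.
$otherAllowRules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$ConsolePort" } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName
    }

foreach ($rule in $otherAllowRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    Write-Warning ("Inbound allow rule '{0}' also opens TCP/{1} (remote scope: {2})" -f
        $rule.DisplayName, $ConsolePort, $remote)
}
```

Run it in an elevated PowerShell session on the console host. The final loop matters as much as the new rule: Windows Firewall evaluates every enabled allow rule, so a pre-existing rule that opens the same port to "Any" silently undoes the scoping, and the warnings point at exactly those rules.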

However, ultimately, admins need to install the security updates to prevent threat actors who have already breached a network from using the flaw to spread laterally to other devices.
