Trend Micro fixes an actively exploited remote code execution bug

Image: Adrien Olichon

Japanese cybersecurity software company Trend Micro has patched a high-severity security flaw in the Apex Central product management console that may allow attackers to remotely execute arbitrary code.

Apex Central is a web-based management console that helps system administrators manage Trend Micro products and services (including anti-virus and content security products and services) across the network.

They can also use it to deploy components (for example, anti-virus pattern files, scanning engines, and anti-spam rules) via manual or pre-scheduled updates.

The vulnerability (CVE-2022-26871) is a high-severity arbitrary file upload weakness in the file handler module that unauthenticated attackers can exploit for remote code execution.

On Thursday, Trend Micro said it observed attempts to exploit the vulnerability in the wild as part of an ongoing attack.

“Trend Micro has observed active attempted exploitation against this vulnerability in the wild (ITW) in a very limited number of cases, and we have already been in contact with these customers,” the company said.

CISA orders federal agencies to patch

The Japanese antivirus vendor also urged customers of affected products (on premise and as a service) to update to the latest released version as soon as possible.

“Please note that the SaaS version has already been deployed to the backend and no further action is required from SaaS customers on this issue,” the company added for SaaS customers.

When asked how many customers were targeted by these attacks and whether any of their networks were hacked as a result of these exploit attempts, Trend Micro spokeswoman Funda Cizgenakad told BleepingComputer that the company was “not able to comment on customers” because “it is confidential”.

On Thursday, following Trend Micro’s disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal civilian agencies to fix the actively exploited Apex Central bug within the next three weeks, until April 21, 2022.

The cybersecurity agency also urged private and public sector organizations in the United States to prioritize fixing this actively exploited bug to reduce the exposure of their networks to ongoing attacks.

CISA added the Trend Micro flaw to its catalog of known exploited vulnerabilities, a list of exploited-in-the-wild security bugs, along with seven others, including a critical Sophos firewall bug.

Comments are closed.