If you use a Windows computer and use Trend Mirco Apex One or Worry-Free Business Security, you should install the latest versions for security reasons. Otherwise attackers could attack systems.
As a warning message shows, the developers have closed a total of five security holes. Specifically affected are Windows Apex One 2019 (on-prem) and SaaS and Worry-Free Business Security (WFBS) 10.0 SP1 and Worry-Free Business Security Services (WFBSS) SaaS. Trend Micro claims to have closed the vulnerabilities in the following versions.
- Apex One Patch 6 B10048
- Apex One as a Service October 2021 Release
- WFBS 10.0 SP1 Patch 2368
- WFBSS October 2021 Hotfix
Attacks only under certain conditions
The manufacturer of the AV software points out that attackers can always execute code with low user rights on vulnerable PCs as a prerequisite for successful attacks. The vulnerabilities classified as most dangerous (CVE-2021-45231 “high“, CVE-2021-45441”high“) could be exploited by attackers to increase their user rights. To do this, however, they have to smuggle a specially crafted file onto the computer.
In addition, attackers could have two DoS vulnerabilities (CVE-2021-44024 “medium“, CVE-2021-45442”medium“). All vulnerabilities have been discovered in-house security researchers of the Zero Day Initiative.
(of)