Trend Micro Product Management Console Bug Let Hackers Execute Arbitrary Code Remotely – CybersecurityNews

Security software developer Trend Micro has patched recently a high severity vulnerability that could allow attackers to execute arbitrary code remotely from the Apex Central product management console.
While the security vulnerability that is affecting the Apex Central product management console is tracked as CVE-2022-26871. System administrators can manage Trend Micro products and services through Apex Central, a web-based management console.
You can also use this tool for manual component updating through pre-scheduled updates or updates that are performed directly. 
In order to help protect Trend Micro products against the exploitation of these vulnerabilities, Trend Micro has released these IPS rules and filters. And here they are:-
While as a result of the disclosure of Trend Micro, the CISA has made the injunction that the federal agencies have only three weeks (within April 21, 2022) to patch the exploited Apex Central bug or these penalties will be imposed on them.
Moreover, a new set of solutions has been released by Trend Micro to resolve the issue:-
In order for an attacker to be able to exploit these types of vulnerabilities, generally, they have to have access to a machine that is vulnerable. 
Besides patching and updating, customers should review the remote access to critical systems and extend security to perimeters and policies.
The agency further advised that private and public sector organizations in the US should patch the exploited vulnerability as soon as possible to prevent their networks from being hacked.
You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

source