Published: September 21, 2023


A critical security vulnerability, CVE-2023-41179 (CVSS Score 9.1), has been found in Trend Micro’s products that can lead to arbitrary code execution. It resides in the 3rd party Antivirus uninstaller module contained in Trend Micro Apex One (on-premise and SaaS), Worry-Free Business Security, and Worry-Free Business Security Services1. This vulnerability could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation leading to remote code execution. Cybersecurity company Trend Micro has released patches and hotfixes to address this critical security flaw.


According to Trend Micro, a successful exploitation of the CVE-2023-41179 flaw could allow an attacker to execute arbitrary commands on an affected installation. However, it requires that the adversary already have access to the administrative console on the target system. Trend Micro has observed at least one active attempt at potential exploitation of this vulnerability in the wild.

Applicable Versions

Affected VersionsFixed Version
Apex One (On-Prem) version 2019SP1 Patch 1 (B12380)
Apex One as a ServiceSP1 Patch 1 (B12380) and Agent version 14.0.12637
Worry-Free Business Security – version 10.0 SP1WFBS 10.0 SP1 Patch 2495
Worry-Free Business Security ServicesWFBSS July 31, 2023, Monthly Maintenance Release

Mitigations and Workarounds

According to Trend Micro, the workaround for the vulnerability CVE-2023-41179 is to limit access to the administration console to trusted networks. This measure can help prevent unauthorized access while awaiting the installation of security updates. However, it’s paramount for users of these products to apply the above patches, released by Trend Micro, immediately.

Best Practices

It is recommended that the users of the above Trend Micro products apply the patches for their respective products immediately.  

To mitigate the risk of exploitation, restrict remote access to the product’s administration console. This can prevent unauthorized access while you’re waiting for the security updates. 

Keep an eye on your systems for any signs of suspicious activity. This vulnerability could be exploited for lateral movement by attackers who have gained access to other company assets.  

By following these best practices, users can reduce the risk of exploitation and help to prevent CVE-2023-41179 from being utilized. 

Netsurion Detection and Response

Netsurion researchers are continuously monitoring the exploits of this vulnerability. Our security analysts will add the IOCs (Indicators of Compromise – the hashes of malicious files and the IP addresses) to Netsurion Threat Center, our threat intelligence platform. This will help detect malicious files and suspicious Command and Control communications to malicious IP addresses to detect the exploitation of these vulnerabilities. Netsurion’s vulnerability management system will also detect this vulnerability (CVE-2023-41179) for customers who have subscribed to Netsurion Vulnerability Management.