News broke yesterday that researchers from Core Security had discovered multiple vulnerabilities in the web-based management console of Trend Micro ServerProtect. Vulnerabilities were found in the ServerProtect for Linux update mechanism, allowing remote code execution as root. Andrew Clarke, EMEA Director at One Identity commented below.
Andrew Clarke, EMEA Director at One Identity:
“News that critical vulnerabilities that could potentially allow a remote attacker to execute arbitrary code via multiple vectors have surfaced in Trend Micro ServerProtect for Linux 3.0 was quickly addressed by the vendor by a critical patch. This high-lights that it is not just operating systems that need to be continuously monitored and patched but all critical systems across a business need to be monitored too.
However businesses can proactively defend against these potential exploits since an attacker does require access to the vulnerable system. A strong access policy alongside suitable perimeter defences which considers remote access to critical systems should be regularly reviewed. Control of administrative passwords which can unlock access to such systems should also be placed under a robust privileged account management environment.”