Trellix: Update seals security gaps in Enterprise Security Manager
The manufacturer has patched several security vulnerabilities in Trellix Enterprise Security Manager. Admins should install the update as soon as possible.
(Image: Created with AI in Bing Designer by heise online / dmk)
There are security gaps in Trellix Enterprise Security Manager (ESM), which the manufacturer is closing with a security update. Admins should update the software, which monitors and displays the security posture of their own network, as soon as possible.
In the version announcement, Trellix lists the individual components of the update to version 11.6.13. "This update is recommended for all environments. Apply the update as soon as possible", writes the company.
Security-relevant update components
Trellix does not go into detail on specific security vulnerabilities. However, Trellix ESM 11.6.13 updates Azul Java, for example, and thus addresses several unlisted CVEs. The update to the bundled libcurl library also fixes two security vulnerabilities (CVE-2023-38545, CVSS 9.8, risk "critical"; CVE-2023-38546, CVSS 3.7, low). Two "reverse shell" vulnerabilities were also previously lurking in the "Snow Service" (CVE-2024-1148, CVSS 9.8, critical; CVE-2024-11482 [not yet public]). The CERT-Bund of the BSI classifies the vulnerabilities with a maximum CVSS value of 9.8 as a critical risk and warns that they allow attackers to "bypass security measures".
In addition to the closed vulnerabilities, there are also improvements in the product. For example, ESET and Sentinel security solutions can now also serve as data sources for Trellix ESM. Since version 11.6, the software no longer supports configuration as a distributed system. Anyone wishing to upgrade to the 11.6 version branch of Trellix Enterprise Security Manager can find instructions from the company on how to upgrade to HA Receivers.
In mid-May, Trellix also had to patch vulnerabilities in ePolicy Orchestrator. They allowed attackers to escalate their privileges. At the time, CERT-Bund warned of the high risk posed by the vulnerabilities in the software.
(dmk)