Security updates: Trend Micro's patchy protection puts PCs at risk

Vulnerabilities in Trend Micro security software make computers vulnerable. The products affected are Apex Central2019, Apex CentrallAll, Apex OneAll, Apex One as a Service2019, Apex One as a ServiceAll, Internet Security, Maximum Security, Worry-Free Business Security and Worry-Free Business Security Services.

Various starting points for attackers

Two “critical” vulnerabilities (CVE-2025-49219, CVE-2025-49220) in Apex Central2019 and Apex CentrallAll are considered the most dangerous. As can be seen from the brief description of the warning message, attackers can use them to launch malicious code attacks remotely. It is not yet clear how such attacks could be carried out in detail. The developers assure that they have closed the gaps in the Apex Cental (on-prem) CP B7007 and Apex Central as a Service April 2025 Monthly Release editions.

According to an article, Apex One can be attacked in several versions. In the worst case, attackers can execute malicious code in this context (CVE-2025-49155 “high”). However, there are other vulnerabilities. Fixed are the releases Apex One SP1 CP Build 14002 and Apex One as a Service Security Agent Version: 14.0.14492.

In Internet Security 17.8.1464, the developers have closed a vulnerability(CVE-2025-49384 “high”). Attackers can use this to gain higher user rights. Maximum Security is protected in version 17.8.1464(CVE-2025-49385 “high”). Attackers can gain unauthorized access to systems via a vulnerability(CVE-2025-49154 “high”) in Worry-Free Business Security.

Most recently, several vulnerabilities in Deep Security Agent from Trend Micro made the headlines in April. Among other things, DoS attacks are possible here.

(des)