Trend Micro Apex One: Error prevents executable files from starting

Trend Micro is currently investigating problems with the Apex One security software. After the latest updates, executable files no longer start on affected computers. The manufacturer has already been able to stop the distribution of the faulty update.

This is reminiscent of the CrowdStrike disaster from last year. On the Trend Micro services status page, the manufacturer reports that the Apex One agent generates an error message after an update that contains the message "Bad Image" and ensures that no more executable files are started on the computers. Trend Micro discusses the specific error message in a support document.

First countermeasures

The error message displayed is "regsvr32.exe - Bad Image". The details continue with: "C:\WINDOWS\System32\tmmh\20019\AddOn\8.55.0.1399\TmUmEvt.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc000012f." Those affected should therefore replace the "TmUmEvt.dll" file with its previous version in order to restore the system to full functionality.

Trend Micro explained to heise online: "This is indeed a faulty update." After the company distributed its updates in phases, "we were able to stop the faulty update and prevent further customers/machines from being affected". The investigation into how many customers are affected and to what extent is still ongoing.

Trend Micro last had to deal with security problems in Apex One in mid-August. The update to close a security gap in the on-premises version of the Apex One Management Console, which had already been attacked on the Internet, had side effects that caused the "Remote Install Agent" function to stop working. Two weeks later, the company followed up with an update that also restored this function.

(dmk)