Apex Central: Trend Micro takes over four months for security patch
Windows PCs with Trend Micro Apex Central were vulnerable, among other things, through a critical malicious code vulnerability.
(Image: Artur Szczybylo/Shutterstock.com)
Security researchers from Tenable discovered vulnerabilities in Trend Micro's Windows management software for antivirus applications, Apex Central (on-premise), as early as August of last year. However, patches have only now been released. If attackers successfully exploit the vulnerabilities, they can completely compromise systems.
In a warning message, the software manufacturer lists a total of three security vulnerabilities that have now been closed (CVE-2025-69258 “critical,” CVE-2025-69259 “high,” CVE-2025-69260 “high”). In the worst-case scenario, attackers can execute malicious code. Such attacks are said to be possible remotely without authentication. In addition, DoS attacks are possible. Such attacks typically lead to crashes. If IT security solutions are affected, this can have far-reaching consequences for computer systems unprotected after a crash.
Videos by heise
Timeline
Security researchers from Tenable stumbled upon the vulnerabilities. In a post, they explain that they contacted Trend Micro at the end of August last year. According to them, communication proved to be lengthy. They claim they repeatedly had to wait weeks for a response. Finally, the secured version, Critical Patch Build 7190, was only released now.
It is currently unclear whether there have been any attacks meanwhile. Because the security researchers provide proof-of-concept code in their post, the attack situation could change rapidly. Therefore, administrators should act promptly and update their systems.
(des)
