zurück zum Artikel

Security updates: Trend Micro's patchy protection puts PCs at risk

Dennis Schirrmacher
A symbolic update button on a keyboard.

(Bild: Artur Szczybylo/Shutterstock.com)

Among others, Apex Central and Worry-Free Business Security from Trend Micro are vulnerable under Windows.

Vulnerabilities in Trend Micro security software make computers vulnerable. The products affected are Apex Central2019, Apex CentrallAll, Apex OneAll, Apex One as a Service2019, Apex One as a ServiceAll, Internet Security, Maximum Security, Worry-Free Business Security and Worry-Free Business Security Services.

Various starting points for attackers

Two “critical” vulnerabilities (CVE-2025-49219, CVE-2025-49220) in Apex Central2019 and Apex CentrallAll are considered the most dangerous. As can be seen from the brief description of the warning message [1], attackers can use them to launch malicious code attacks remotely. It is not yet clear how such attacks could be carried out in detail. The developers assure that they have closed the gaps in the Apex Cental (on-prem) CP B7007 and Apex Central as a Service April 2025 Monthly Release editions.

According to an article, Apex One can be attacked in several versions [2]. In the worst case, attackers can execute malicious code in this context (CVE-2025-49155 “high”). However, there are other vulnerabilities. Fixed are the releases Apex One SP1 CP Build 14002 and Apex One as a Service Security Agent Version: 14.0.14492.

In Internet Security 17.8.1464, the developers have closed a vulnerability(CVE-2025-49384 [3]“high”). Attackers can use this to gain higher user rights. Maximum Security is protected in version 17.8.1464(CVE-2025-49385 [4] “high”). Attackers can gain unauthorized access to systems via a vulnerability(CVE-2025-49154 [5] “high”) in Worry-Free Business Security.

Most recently, several vulnerabilities in Deep Security Agent from Trend Micro made the headlines in April [6]. Among other things, DoS attacks are possible here.

Jetzt heise security PRO entdecken Jetzt heise security PRO entdecken [7]

(des [8])

Don't miss any news – follow us on Facebook [9], LinkedIn [10] or Mastodon [11].

This article was originally published in German [12]. It was translated with technical assistance and editorially reviewed before publication.

URL dieses Artikels:
https://www.heise.de/-10442610

Links in diesem Artikel:
[1] https://success.trendmicro.com/en-US/solution/KA-0019926
[2] https://success.trendmicro.com/en-US/solution/KA-0019917
[3] https://helpcenter.trendmicro.com/en-us/article/TMKA-11112
[4] https://helpcenter.trendmicro.com/en-us/article/TMKA-18461
[5] https://success.trendmicro.com/en-US/solution/KA-0019936
[6] https://www.heise.de/news/Schwachstellen-gefaehrden-PCs-mit-Trend-Micro-Apex-Central-Deep-Security-Agent-10338451.html?from-en=1
[7] https://pro.heise.de/security/?LPID=39555_HS1L0001_27416_999_0&wt_mc=disp.fd.security-pro.security_pro24.disp.disp.disp
[8] mailto:des@heise.de
[9] https://www.facebook.com/heiseonlineEnglish
[10] https://www.linkedin.com/company/104691972
[11] https://social.heise.de/@heiseonlineenglish
[12] https://www.heise.de/news/Sicherheitsupdates-Loechriger-Schutz-von-Trend-Micro-gefaehrdet-PCs-10441455.html

Copyright © 2025 Heise Medien