Trend Micro Warns of Active Attacks on Apex One Flaws

Trend Micro has issued an urgent security update addressing critical vulnerabilities in its Apex One endpoint protection platform that could allow attackers to remotely execute malicious code on affected systems. The cybersecurity firm confirmed active exploitation attempts targeting these flaws in on-premises deployments, prompting immediate action to mitigate risks.

The vulnerabilities, if successfully exploited, grant attackers the ability to bypass security controls and gain unauthorized access to corporate networks. Trend Micro’s temporary patch aims to protect organizations while a permanent solution undergoes development and testing. Security teams managing Apex One installations should prioritize applying these interim protections.

Researchers identified multiple attack vectors where threat actors could manipulate system processes to achieve remote code execution. This type of compromise often serves as an entry point for more extensive network intrusions, including data theft or ransomware deployment. The affected components involve both the management console and client agents in certain configurations.

On-premises deployments face particular risk as cloud-based Apex One implementations automatically receive security updates. Organizations running local installations must manually apply the temporary fix through their Trend Micro console. The company advises administrators to monitor for suspicious activity while awaiting the comprehensive update.

Security professionals recommend treating these vulnerabilities with high priority given their critical severity rating and confirmed exploitation attempts. Network segmentation and strict access controls can provide additional protection layers while patches roll out. Trend Micro’s advisory includes detailed indicators of compromise to help identify potential breaches.

(Source: InfoSecurity Magazine)