好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户已经提供了文章的英文内容,所以我得先仔细阅读并理解文章的主要信息。 首先,文章讲的是日本的网络安全软件公司Trend Micro修补了两个关键的Apex One漏洞。这两个漏洞都允许攻击者在易受攻击的Windows系统上进行远程代码执行(RCE)。Apex One是一个端点安全平台,用于检测和响应各种安全威胁。 接下来,文章详细介绍了这两个漏洞:CVE-2025-71210和CVE-2025-71211。它们都是由于管理控制台中的路径遍历弱点导致的。Trend Micro在安全公告中提到,成功利用这些漏洞需要攻击者访问管理控制台,并建议客户更新到最新版本以修复问题。 此外,Trend Micro还修补了其他几个高危漏洞,并指出虽然目前这些漏洞尚未被公开利用,但过去几年中Apex One曾多次被滥用在攻击中。美国网络安全和基础设施安全局(CISA)正在跟踪这些漏洞。 现在我需要将这些信息浓缩到100字以内。重点包括:Trend Micro修补了两个关键漏洞,允许RCE;漏洞存在于管理控制台;建议更新软件;过去Apex One曾被滥用;CISA正在跟踪。 可能的结构是:Trend Micro修补了两个关键的安全漏洞,允许攻击者在Windows系统上执行远程代码。这两个漏洞存在于Apex One管理控制台中,建议用户更新软件以修复问题。过去几年中,Apex One曾多次被滥用在攻击中,CISA正在跟踪这些漏洞。 这样大约在100字左右,并且直接描述了文章内容。 </think> 日本网络安全公司Trend Micro修补了两个关键的安全漏洞,允许攻击者在Windows系统上执行远程代码。这两个漏洞存在于Apex One管理控制台中,建议用户更新软件以修复问题。过去几年中,Apex One曾多次被滥用在攻击中,CISA正在跟踪这些漏洞。 2026-2-26 18:1:56 Author: www.bleepingcomputer.com(查看原文) 阅读量:4 收藏
Japanese cybersecurity software firm Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems.
Apex One is an endpoint security platform that detects and responds to security threats, including malware, spyware, malicious tools, and vulnerabilities.
The first critical Apex One security flaw patched this week (CVE-2025-71210) is due to a path traversal weakness in the Trend Micro Apex One management console, allowing attackers without privileges to execute malicious code on unpatched systems.
The second, tracked as CVE-2025-71211, is another Apex One management console path traversal vulnerability, similar in scope to CVE-2025-71210 but affecting a different executable.
As Trend Micro explained in a Tuesday security advisory, successful exploitation requires attackers to "have access to the Trend Micro Apex One Management Console, so customers that have their console's IP address exposed externally should consider mitigating factors such as source restrictions if not already applied."
"Even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible," it warned.
To address these critical security flaws, Trend Micro has patched the vulnerabilities in the SaaS Apex One versions and released Critical Patch Build 14136, which also fixes two high-severity privilege escalation flaws in the Windows agent and four more affecting the macOS agent.
While Trend Micro has not flagged these vulnerabilities as exploited in the wild, threat actors have abused other Apex One in attacks over the last several years.
For instance, Trend Micro warned customers to patch an actively exploited Apex One RCE vulnerability (CVE-2025-54948) in August 2025, and addressed two other Apex One zero-days exploited in the wild in September 2022 (CVE-2022-40139) and in September 2023 (CVE-2023-41179).
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) currently tracks 10 Trend Micro Apex vulnerabilities that have either been or are still being exploited in the wild.
The future of IT infrastructure is here
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
如有侵权请联系:admin#unsafe.sh