Affected Version(s)
| Product | Affected Version(s) | Platform | Language(s) |
| Apex One iES Server* | 2019 (On-Prem) | Windows | English |
* Please note that Apex One Server does not install Redis by default unless the administration has specifically enabled the Integrated Endpoint Sensor (iES) server either through the initial installation of Apex One Server or later through the console. Customers who have never enabled the Apex One iES server component are NOT affected.
Customers can verify whether or not Redis is installed by one of the following:
- Check for Redis service: sc query “Redis”
- Verify installation files in the iES setup directory – typically in C:\Program Files (x86)\Trend Micro\Apex One\iServiceSrv\iES
Solution
Trend Micro will be releasing an updated Critical Patch (CP) that will be available in late January 2026.
However, for customers that need/wish to implement a mitigation immediately, Trend Micro has prepared a tool that will modify a security configuration for Redis that will address the issue.
(Zip SHA256: 35dbf52a56a83b3ca789377fd331fb9ff41e0c4c5ff63e9b87711cfcf6efebd0)
This simple tool will stop the iES and Redis services, apply the updated security configuration and then restart the services. The tool only needs to run once.
Customers who wish to manually apply the configuration information instead of running the attached tool may contact Trend Micro support for additional information.