Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

                          ESB-2008.0826 -- [Win]
     Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1 Critical Patch
                              26 August 2008


        AusCERT Security Bulletin Summary

Product:              Trend Micro OfficeScane 8.0 SP1
Publisher:            Trend Micro
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Remote/Unauthenticated

Original Bulletin:

- --------------------------BEGIN INCLUDED TEXT--------------------

  Trend Micro, Inc.                                      August 22, 2008
              Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1
                      Critical Patch -  Build 2402

     1.  Overview of this Critical Patch Release
	  1.1 Files Included in this Release
     2.  What's New
     3.  Documentation Set
     4.  System Requirements
     5.  Installation/Uninstallation
     6.  Post-Installation Configuration
     7.  Known Issues
     8.  Release History
     9.  Contact Information
     10. About Trend Micro
     11. License Agreement

1. Overview of this Critical Patch Release
   This critical patch addresses a logon password authentication bypass 
   vulnerability in the OfficeScan Web console. When the OfficeScan 
   administrator logs on, an attacker can illegally access the password
   authentication token and take full control of the Web console.

   1.1 Files Included in this Release 
   Module File Name                Build No.
   ----------------                ---------

2. What's New
   Critical patch 2402 enhances the way OfficeScan creates a session
   token such that attackers would need a larger amount of time and
   resources to access the password authentication token.

3. Documentation Set

   o Readme.txt -- basic installation, known issues, release history,
     and contact information 
   Electronic versions of the printed manuals are available at:

4. System Requirements
   Install OfficeScan 8.0 Service Pack 1 before installing this critical

   Visit the following website for more information about the latest
   updates to this product:


5. Installation/Uninstallation
   5.1 Installation 
   To install this critical patch:

   1. Copy the critical patch executable file to a temporary folder 
      (for example, "C:\temp").

   2. Double-click the file. The modules are automatically copied to 
      the correct destination.

   This critical patch installation package rolls back the OfficeScan 
   server automatically if it encounters any problems during 

   If you encounter any problems after installation, do a manual 

   5.2 Manual Rollback Procedure
   To manually roll back to the previous configuration:

   1. Locate the backup folder that the critical patch package created 
      in the "\PCCSRV\Backup\CriticalPatch_B2402" directory.

   2. Copy the backup modules to the original folders.

   Note: Register online with Trend Micro within 30 days of installation 
   to continue downloading new pattern files and product updates from 
   the Trend Micro Web site. Register during installation or online at:


6. Post-Installation Configuration
   No post-installation steps are required.

   Note: Trend Micro recommends that you update your scan engine and  
   virus pattern files immediately after installing the product.

7. Known Issues
   There are no known issues for this critical patch release.

8. Release History 
   Visit the following Web site for more information about updates 
   to this product:


9. Contact Information
   A license to the Trend Micro software usually includes the right to 
   product updates, pattern file updates, and basic technical support 
   for one (1) year from the date of purchase only. After the first 
   year, Maintenance must be renewed on an annual basis at Trend Micro's 
   then-current Maintenance fees.

   You can contact Trend Micro via fax, phone, and email, or visit us 


   Evaluation copies of Trend Micro products can be downloaded from our 
   Web site.

   Global Mailing Address/Telephone numbers
   For global contact information in the Asia/Pacific region, Australia 
   and New Zealand, Europe, Latin America, and Canada, refer to:


   The Trend Micro "About Us" screen displays. Click the appropriate 
   link in the "Contact Us" section of the screen.

   Note: This information is subject to change without notice.

10. About Trend Micro
   Trend Micro, Inc. provides virus protection, anti-spam, and 
   content-filtering security products and services. Trend Micro allows 
   companies worldwide to stop viruses and other malicious code from a 
   central point before they can reach the desktop.

   Copyright 2008, Trend Micro Incorporated. All rights reserved.
   Trend Micro, the t-ball logo, and OfficeScan are trademarks of 
   Trend Micro Incorporated and are registered in some jurisdictions. 
   All other marks are the trademarks or registered trademarks of their 
   respective companies.

11. License Agreement
   Information about your license agreement with Trend Micro can be 
   viewed at:


   Third-party licensing agreements can be viewed:
     - By selecting the "About" option in the application user interface
     - By referring to the "Legal" page of the Getting Started Guide or 
       Administrator's Guide
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.

Comment: http://www.auscert.org.au/render.html?it=1967