-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2008.0826 -- [Win]
     Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1 Critical Patch
                              26 August 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Trend Micro OfficeScan 8.0 SP1
Publisher:            Trend Micro
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Remote/Unauthenticated

Original Bulletin:
  http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402_readme.txt

- --------------------------BEGIN INCLUDED TEXT--------------------

  Trend Micro, Inc.                                      August 22, 2008
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1
                      Critical Patch -  Build 2402
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     
     Contents
     ===================================================================
     1.  Overview of this Critical Patch Release
         1.1 Files Included in this Release
     2.  What's New
     3.  Documentation Set
     4.  System Requirements
     5.  Installation/Uninstallation
     6.  Post-Installation Configuration
     7.  Known Issues
     8.  Release History
     9.  Contact Information
     10. About Trend Micro
     11. License Agreement
     ===================================================================


1. Overview of this Critical Patch Release
========================================================================
   This critical patch addresses a logon password authentication bypass 
   vulnerability in the OfficeScan Web console. When the OfficeScan 
   administrator logs on, an attacker can illegally access the password
   authentication token and take full control of the Web console.

 
   1.1 Files Included in this Release 
   =====================================================================
   Module File Name                Build No.
   ----------------                ---------
   CGIOCommon.dll                  8.0.0.2402
   AtxConsole.cab 
   AtxConsole.ocx                  8.0.0.2402
   AtxEnc.cab 
   AtxPie.cab 
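
   Added example, not part of the Trend Micro readme: a PowerShell check
   that the two modules listed above with a build number are at build
   2402 or later on the OfficeScan server. The PCCSRV path is a
   placeholder, and the script assumes that the "Build No." column matches
   each file's version resource and that an equal or higher version
   carries the fix.

```powershell
# Added example (not Trend Micro code). Assumptions: the PCCSRV path is a
# placeholder, the readme's "Build No." matches each file's version resource,
# and an equal or higher version is treated as patched.
param(
    [string]$PccsrvRoot = 'C:\Path\To\PCCSRV'   # placeholder: your server's PCCSRV folder
)

$required  = [version]'8.0.0.2402'
$versioned = 'CGIOCommon.dll', 'AtxConsole.ocx'   # files the readme lists with a build number

$results = foreach ($name in $versioned) {
    # Ignore copies under the patch's Backup folder: those are the pre-patch modules.
    $found = Get-ChildItem -Path $PccsrvRoot -Recurse -Filter $name -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike '*\Backup\*' }

    if (-not $found) {
        [pscustomobject]@{ File = $name; Path = $null; Version = $null; Status = 'NOT FOUND' }
        continue
    }

    foreach ($f in $found) {
        $vi = $f.VersionInfo
        # Build the version from its numeric parts; the FileVersion string format varies.
        $ver = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        $status = if ($ver -ge $required) { 'OK' } else { 'BELOW 2402' }
        [pscustomobject]@{ File = $name; Path = $f.FullName; Version = $ver; Status = $status }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or inventory tool flag unpatched servers.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```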


2. What's New
========================================================================
   Critical patch 2402 enhances the way OfficeScan creates a session
   token such that attackers would need a larger amount of time and
   resources to access the password authentication token.


3. Documentation Set
========================================================================

   o Readme.txt -- basic installation, known issues, release history,
     and contact information 
    
   Electronic versions of the printed manuals are available at:
     http://www.trendmicro.com/download


4. System Requirements
========================================================================
   Install OfficeScan 8.0 Service Pack 1 before installing this critical
   patch.

   Visit the following website for more information about the latest
   updates to this product:

   http://www.trendmicro.com/download/product.asp?productid=5.


5. Installation/Uninstallation
========================================================================
   
   5.1 Installation 
   =====================================================================
   To install this critical patch:

   1. Copy the critical patch executable file to a temporary folder 
      (for example, "C:\temp").

   2. Double-click the file. The modules are automatically copied to 
      the correct destination.

   This critical patch installation package rolls back the OfficeScan 
   server automatically if it encounters any problems during 
   installation.

   If you encounter any problems after installation, do a manual 
   rollback. 


   5.2 Manual Rollback Procedure
   =====================================================================
   To manually roll back to the previous configuration:

   1. Locate the backup folder that the critical patch package created 
      in the "\PCCSRV\Backup\CriticalPatch_B2402" directory.

   2. Copy the backup modules to the original folders.

   Note: Register online with Trend Micro within 30 days of installation 
   to continue downloading new pattern files and product updates from 
   the Trend Micro Web site. Register during installation or online at:

   http://olr.trendmicro.com/
 

6. Post-Installation Configuration
========================================================================
   No post-installation steps are required.

   Note: Trend Micro recommends that you update your scan engine and  
   virus pattern files immediately after installing the product.


7. Known Issues
========================================================================
   There are no known issues for this critical patch release.


8. Release History 
========================================================================
   Visit the following Web site for more information about updates 
   to this product:

   http://www.trendmicro.com/download


9. Contact Information
========================================================================
   A license to the Trend Micro software usually includes the right to 
   product updates, pattern file updates, and basic technical support 
   for one (1) year from the date of purchase only. After the first 
   year, Maintenance must be renewed on an annual basis at Trend Micro's 
   then-current Maintenance fees.

   You can contact Trend Micro via fax, phone, and email, or visit us 
   at:

   http://www.trendmicro.com

   Evaluation copies of Trend Micro products can be downloaded from our 
   Web site.

   Global Mailing Address/Telephone numbers
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   For global contact information in the Asia/Pacific region, Australia 
   and New Zealand, Europe, Latin America, and Canada, refer to:

   http://www.trendmicro.com/en/about/overview.htm

   The Trend Micro "About Us" screen displays. Click the appropriate 
   link in the "Contact Us" section of the screen.

   Note: This information is subject to change without notice.


10. About Trend Micro
========================================================================
   Trend Micro, Inc. provides virus protection, anti-spam, and 
   content-filtering security products and services. Trend Micro allows 
   companies worldwide to stop viruses and other malicious code from a 
   central point before they can reach the desktop.

   Copyright 2008, Trend Micro Incorporated. All rights reserved.
   Trend Micro, the t-ball logo, and OfficeScan are trademarks of 
   Trend Micro Incorporated and are registered in some jurisdictions. 
   All other marks are the trademarks or registered trademarks of their 
   respective companies.


11. License Agreement
========================================================================
   Information about your license agreement with Trend Micro can be 
   viewed at:

   http://www.trendmicro.com/en/purchase/license/

   Third-party licensing agreements can be viewed:
     - By selecting the "About" option in the application user interface
     - By referring to the "Legal" page of the Getting Started Guide or 
       Administrator's Guide
- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----