===========================================================================
             AUSCERT External Security Bulletin Redistribution

          ESB-2008.0826 -- [Win] Trend Micro(TM) OfficeScan(TM) 8.0
                       Service Pack 1 Critical Patch
                              26 August 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Trend Micro OfficeScan 8.0 SP1
Publisher:            Trend Micro
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Remote/Unauthenticated

Original Bulletin:
  http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402_readme.txt

--------------------------BEGIN INCLUDED TEXT--------------------

Trend Micro, Inc.                                        August 22, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) OfficeScan(TM) 8.0 Service Pack 1
Critical Patch - Build 2402
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
===================================================================
1.  Overview of this Critical Patch Release
    1.1 Files Included in this Release
2.  What's New
3.  Documentation Set
4.  System Requirements
5.  Installation/Uninstallation
6.  Post-Installation Configuration
7.  Known Issues
8.  Release History
9.  Contact Information
10. About Trend Micro
11. License Agreement
===================================================================

1. Overview of this Critical Patch Release
========================================================================
This critical patch addresses a logon password authentication bypass
vulnerability in the OfficeScan Web console. When the OfficeScan
administrator logs on, an attacker can illegally access the password
authentication token and take full control of the Web console.

   1.1 Files Included in this Release
   =====================================================================
   Module File Name      Build No.
   ----------------      ---------
   CGIOCommon.dll        8.0.0.2402
   AtxConsole.cab
   AtxConsole.ocx        8.0.0.2402
   AtxEnc.cab
   AtxPie.cab

2. What's New
========================================================================
Critical patch 2402 enhances the way OfficeScan creates a session token
such that attackers would need a larger amount of time and resources to
access the password authentication token.

3. Documentation Set
========================================================================
o  Readme.txt -- basic installation, known issues, release history, and
   contact information

Electronic versions of the printed manuals are available at:
http://www.trendmicro.com/download

4. System Requirements
========================================================================
Install OfficeScan 8.0 Service Pack 1 before installing this critical
patch.

Visit the following website for more information about the latest
updates to this product:
http://www.trendmicro.com/download/product.asp?productid=5.

5. Installation/Uninstallation
========================================================================

   5.1 Installation
   =====================================================================
   To install this critical patch:

   1. Copy the critical patch executable file to a temporary folder
      (for example, "C:\temp").
   2. Double-click the file. The modules are automatically copied to
      the correct destination.

   This critical patch installation package rolls back the OfficeScan
   server automatically if it encounters any problems during
   installation. If you encounter any problems after installation, do a
   manual rollback.

   5.2 Manual Rollback Procedure
   =====================================================================
   To manually roll back to the previous configuration:

   1. Locate the backup folder that the critical patch package created
      in the "\PCCSRV\Backup\CriticalPatch_B2402" directory.
   2. Copy the backup modules to the original folders.

   Note: Register online with Trend Micro within 30 days of
         installation to continue downloading new pattern files and
         product updates from the Trend Micro Web site. Register during
         installation or online at: http://olr.trendmicro.com/

6. Post-Installation Configuration
========================================================================
No post-installation steps are required.

Note: Trend Micro recommends that you update your scan engine and virus
      pattern files immediately after installing the product.

7. Known Issues
========================================================================
There are no known issues for this critical patch release.

8. Release History
========================================================================
Visit the following Web site for more information about updates to this
product:
http://www.trendmicro.com/download

9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:
http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:
http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

10. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services. Trend Micro allows
companies worldwide to stop viruses and other malicious code from a
central point before they can reach the desktop.

Copyright 2008, Trend Micro Incorporated. All rights reserved. Trend
Micro, the t-ball logo, and OfficeScan are trademarks of Trend Micro
Incorporated and are registered in some jurisdictions. All other marks
are the trademarks or registered trademarks of their respective
companies.

11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be viewed
at: http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or
  Administrator's Guide

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
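
The check below confirms that the versioned modules listed in section 1.1 of the readme are at build 8.0.0.2402 and that the rollback folder from section 5.2 exists. It is an added example, not part of the Trend Micro readme or the AusCERT bulletin. The script itself, the $ServerRoot parameter (the folder that contains \PCCSRV) and the status names are assumptions, and it requires PowerShell 5 or later.

```powershell
# Added example (not vendor code): verify the modules from section 1.1 of the
# readme against the patched build. $ServerRoot is an assumption: pass the
# folder that contains \PCCSRV on your OfficeScan server.
param(
    [Parameter(Mandatory = $true)]
    [string]$ServerRoot
)

$RequiredBuild = [version]'8.0.0.2402'
# Only the entries that carry a build number in the readme's file list.
# AtxConsole.ocx may exist only packaged in a .cab on the server, so a
# missing file is reported as NotFound rather than treated as a failure.
$Modules = 'CGIOCommon.dll', 'AtxConsole.ocx'

function Get-ModuleStatus {
    param([string]$Root, [string]$Name, [version]$Required)

    $found = Get-ChildItem -Path $Root -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\Backup\\' }   # skip pre-patch rollback copies
    if (-not $found) {
        return [pscustomobject]@{ Module = $Name; Path = $null; Version = $null; Status = 'NotFound' }
    }
    foreach ($file in $found) {
        $info = $file.VersionInfo
        # Use the numeric parts; the FileVersion string can carry extra text.
        $actual = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                 $info.FileBuildPart, $info.FilePrivatePart)
        # Assumption: builds later than 2402 also contain the fix.
        $status = if ($actual -ge $Required) { 'OK' } else { 'Outdated' }
        [pscustomobject]@{ Module = $Name; Path = $file.FullName; Version = $actual; Status = $status }
    }
}

$results = foreach ($m in $Modules) {
    Get-ModuleStatus -Root $ServerRoot -Name $m -Required $RequiredBuild
}
$results | Format-Table -AutoSize

# The backup folder shows the installer ran and is the source for a manual rollback.
$backup = Join-Path $ServerRoot 'PCCSRV\Backup\CriticalPatch_B2402'
"Backup folder present: $(Test-Path $backup)"

# Exit non-zero if any located module is below the required build.
if ($results.Status -contains 'Outdated') { exit 1 }
```

An Outdated result after installation means a module was not replaced or was restored from the backup folder, so the Web console is still running the pre-patch session token code.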