Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.0843 -- [Win]
Worry-Free Business Security 5.0 - Security Server Critical Patch
29 August 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Trend Micro Worry-Free Business Security 5.0
Publisher: Trend Micro
Operating System: Windows
Impact: Administrator Compromise
Access: Remote/Unauthenticated
CVE Names: CVE-2008-2433
Original Bulletin:
http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt
- --------------------------BEGIN INCLUDED TEXT--------------------
Trend Micro, Inc. August 20, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Worry-Free Business Security 5.0 - Security Server
Critical Patch - Build 1404
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This Critical Patch was developed as a workaround or solution
to a customer-reported problem. As such, this Critical Patch has
received limited testing and has not been certified as an official
product update. Consequently, THIS CRITICAL PATCH IS PROVIDED "AS IS".
TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR
PERFORMANCE OF THIS CRITICAL PATCH NOR DOES IT WARRANT THAT THIS
CRITICAL PATCH IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW,
TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
Contents
===================================================================
1. Overview of this Critical Patch Release
1.1 Files Included in this Release
2. What's New
3. Documentation Set
4. System Requirements
5. Installation/Uninstallation
6. Post-installation Configuration
7. Known Issues
8. Release History
9. Contact Information
10. About Trend Micro
11. License Agreement
===================================================================
1. Overview of this Critical Patch Release
========================================================================
This critical patch addresses a vulnerability (bypassing logon
password authentication) on the OfficeScan Web console. When an
OfficeScan administrator logs on, an attacker can illegally access
the password authentication token and take full control of the Web
console.
Note: This critical patch can be applied to any language version
that OfficeScan Server supports.
1.1 Files Included in this Release
=====================================================================
Module File Name Build No.
---------------------- ------------
CGIOCommon.dll 15.0.0.1404
2. What's New
========================================================================
Critical patch 1404 further secures the OfficeScan session creation
token method.
3. Documentation Set
========================================================================
o Readme.txt -- basic installation, known issues, release history
and contact information
Electronic versions of the printed manuals are available at:
http://www.trendmicro.com/download
4. System Requirements
========================================================================
Worry-Free Business Security 5.0
5. Installation/Uninstallation
========================================================================
5.1 Installation
=====================================================================
To install Critical Patch 1404:
1. Copy the Critical Patch executable file to a temporary folder
For example, "C:\temp".
2. Double-click the file. The modules are automatically copied to
the correct destination.
This Critical Patch installation package automatically rolls back the
Security Server to its original configuration if there are problems
during installation.
If you encounter problems after installation, manually rollback the
installation.
5.2 Manual Rollback Procedure
=====================================================================
To manually roll back to the original configuration:
1. Locate the backup folder that the Critical Patch package created
in the
"\PCCSRV\Backup\CriticalPatch_B1404" directory.
2. Copy the backup modules to the original folders.
3. Run the "TmTouch.exe" tool to trigger the Critical Patch
mechanism.
To run "TmTouch.exe":
a. Open a command prompt on the server.
b. At the command prompt, change the directory to
"PCCSRV\admin\utility\touch".
c. Use the "TmTouch.exe <file name>" command to run the touch
tool:
Note: <file name> is the file that you want to roll back.
6. Post-installation Configuration
========================================================================
No post-installation steps are required.
Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing this Critical Patch.
7. Known Issues
========================================================================
There are no known issues for this Critical Patch release.
8. Release History
========================================================================
Visit the following Web site for more information about updates
to this product:
http://www.trendmicro.com/download
9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us
at:
http://www.trendmicro.com
Evaluation copies of Trend Micro products can be downloaded from our
Web site.
Global Mailing Address/Telephone numbers
========================================
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:
http://www.trendmicro.com/en/about/overview.htm
The Trend Micro "About Us" screen displays. Click the appropriate
link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
10. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services. Trend Micro allows
companies worldwide to stop viruses and other malicious code from a
central point before they can reach the desktop.
Copyright 2008, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Worry-Free, and OfficeScan are
trademarks of Trend Micro Incorporated and are registered in some
jurisdictions.
All other marks are the trademarks or registered trademarks of their
respective companies.
11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:
http://www.trendmicro.com/en/purchase/license/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or
Administrator's Guide
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSLeBnSh9+71yA2DNAQL43AP+KutmLQqOcDhEqFvq9EXGiq+Kx5/Dey4F
Rzg/rvULtmD1odKjFuHSCCTPbYH7chf+JiYMM/VC9p1rnXb4LXjx8r6U0FZmaqAr
SX+g9c1hkwlWJOFBRs0uVp0lo29ZqtegF7nOzgr/LEfB6N/fk051yvsl37UhuNRA
h4buSy+Err0=
=Rn0B
-----END PGP SIGNATURE-----