Operating System:

[Win]

Published:

29 August 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2008.0843 -- [Win]
     Worry-Free Business Security 5.0 - Security Server Critical Patch
                              29 August 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Trend Micro Worry-Free Business Security 5.0
Publisher:            Trend Micro
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-2433

Original Bulletin:
  http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt

- --------------------------BEGIN INCLUDED TEXT--------------------

  Trend Micro, Inc.                                      August 20, 2008
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Worry-Free Business Security 5.0 - Security Server
                          Critical Patch - Build 1404
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Critical Patch was developed as a workaround or solution
to a customer-reported problem. As such, this Critical Patch has
received limited testing and has not been certified as an official
product update. Consequently, THIS CRITICAL PATCH IS PROVIDED "AS IS".
TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR
PERFORMANCE OF THIS CRITICAL PATCH NOR DOES IT WARRANT THAT THIS
CRITICAL PATCH IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW,
TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.


     Contents
     ===================================================================
     1.  Overview of this Critical Patch Release
         1.1 Files Included in this Release
     2.  What's New
     3.  Documentation Set
     4.  System Requirements
     5.  Installation/Uninstallation
     6.  Post-installation Configuration
     7.  Known Issues
     8.  Release History
     9.  Contact Information
     10. About Trend Micro
     11. License Agreement
     ===================================================================


1. Overview of this Critical Patch Release
========================================================================
   This critical patch addresses a vulnerability (bypassing logon 
   password authentication) on the OfficeScan Web console. When an 
   OfficeScan administrator logs on, an attacker can illegally access 
   the password authentication token and take full control of the Web 
   console.

   Note: This critical patch can be applied to any language version 
   that OfficeScan Server supports.

   1.1 Files Included in this Release
   =====================================================================
   Module File Name              Build No.
   ----------------------        ------------
   CGIOCommon.dll                15.0.0.1404


2. What's New
========================================================================
   Critical patch 1404 further secures the OfficeScan session creation 
   token method. 

3. Documentation Set
========================================================================
   o Readme.txt -- basic installation, known issues, release history
     and contact information

   Electronic versions of the printed manuals are available at:
     http://www.trendmicro.com/download


4. System Requirements
========================================================================
   Worry-Free Business Security 5.0
   

5. Installation/Uninstallation
========================================================================

   5.1 Installation
   =====================================================================
   To install Critical Patch 1404:

   1. Copy the Critical Patch executable file to a temporary folder,
      for example, "C:\temp".

   2. Double-click the file. The modules are automatically copied to
      the correct destination.

   This Critical Patch installation package automatically rolls back the
   Security Server to its original configuration if there are problems
   during installation.

   If you encounter problems after installation, manually roll back the
   installation.
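
To confirm that the patch was applied, the version of the module listed in section 1.1 can be compared with build 15.0.0.1404. The PowerShell check below is an added example, not part of the Trend Micro readme. It assumes the "Build No." in section 1.1 is the DLL's file version resource, uses a placeholder install root, and skips copies under "Backup" because that folder holds the pre-patch modules.

```powershell
# Added example (not from the readme): report whether CGIOCommon.dll is at
# or above the patched build listed in section 1.1.
param(
    # Placeholder: set this to the PCCSRV folder of your Security Server.
    [string]$PccsrvRoot = 'C:\PLACEHOLDER\PCCSRV'
)

$ModuleName   = 'CGIOCommon.dll'          # module name from section 1.1
$PatchedBuild = [version]'15.0.0.1404'    # build number from section 1.1

function Get-ModulePatchState {
    param([string]$Root, [string]$Name, [version]$Minimum)

    # The patch keeps pre-patch copies under \Backup\ (section 5.2); those
    # are expected to be old, so they are excluded from the check.
    Get-ChildItem -Path $Root -Filter $Name -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notlike '*\Backup\*' } |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from its numeric parts; the FileVersion
            # string format varies between binaries.
            $found = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
                $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $found
                Patched     = ($found -ge $Minimum)
            }
        }
}

$results = @(Get-ModulePatchState -Root $PccsrvRoot -Name $ModuleName -Minimum $PatchedBuild)

if ($results.Count -eq 0) {
    Write-Warning "$ModuleName not found under $PccsrvRoot"
    exit 2
}

$results | Format-Table -AutoSize
# Exit code 1 means at least one live copy is below the patched build.
if ($results | Where-Object { -not $_.Patched }) { exit 1 }
exit 0
```

The exit codes (0 patched, 1 unpatched copy found, 2 module not found) let the script be run from an inventory or compliance job.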


   5.2 Manual Rollback Procedure
   =====================================================================
   To manually roll back to the original configuration:

   1. Locate the backup folder that the Critical Patch package created
      in the "\PCCSRV\Backup\CriticalPatch_B1404" directory.

   2. Copy the backup modules to the original folders.

   3. Run the "TmTouch.exe" tool to trigger the Critical Patch
      mechanism.

      To run "TmTouch.exe":

      a. Open a command prompt on the server.

      b. At the command prompt, change the directory to
         "PCCSRV\admin\utility\touch".

      c. Use the "TmTouch.exe <file name>" command to run the touch
         tool.

         Note: <file name> is the file that you want to roll back.


6. Post-installation Configuration
========================================================================
   No post-installation steps are required.

   Note: Trend Micro recommends that you update your scan engine and
   virus pattern files immediately after installing this Critical Patch.


7. Known Issues
========================================================================
   There are no known issues for this Critical Patch release.


8. Release History
========================================================================
   Visit the following Web site for more information about updates
   to this product:

   http://www.trendmicro.com/download


9. Contact Information
========================================================================
   A license to the Trend Micro software usually includes the right to
   product updates, pattern file updates, and basic technical support
   for one (1) year from the date of purchase only. After the first
   year, Maintenance must be renewed on an annual basis at Trend Micro's
   then-current Maintenance fees.

   You can contact Trend Micro via fax, phone, and email, or visit us
   at:

   http://www.trendmicro.com

   Evaluation copies of Trend Micro products can be downloaded from our
   Web site.

   Global Mailing Address/Telephone numbers
   ========================================
   For global contact information in the Asia/Pacific region, Australia
   and New Zealand, Europe, Latin America, and Canada, refer to:

   http://www.trendmicro.com/en/about/overview.htm

   The Trend Micro "About Us" screen displays. Click the appropriate
   link in the "Contact Us" section of the screen.

   Note: This information is subject to change without notice.


10. About Trend Micro
========================================================================
   Trend Micro, Inc. provides virus protection, anti-spam, and
   content-filtering security products and services. Trend Micro allows
   companies worldwide to stop viruses and other malicious code from a
   central point before they can reach the desktop.

   Copyright 2008, Trend Micro Incorporated. All rights reserved.
   Trend Micro, the t-ball logo, Worry-Free, and OfficeScan are 
   trademarks of Trend Micro Incorporated and are registered in some 
   jurisdictions. 
   All other marks are the trademarks or registered trademarks of their
   respective companies.


11. License Agreement
========================================================================
   Information about your license agreement with Trend Micro can be
   viewed at:

   http://www.trendmicro.com/en/purchase/license/

   Third-party licensing agreements can be viewed:
     - By selecting the "About" option in the application user interface
     - By referring to the "Legal" page of the Getting Started Guide or
       Administrator's Guide


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
