-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2008.0843 -- [Win]
Worry-Free Business Security 5.0 - Security Server Critical Patch
29 August 2008

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Trend Micro Worry-Free Business Security 5.0
Publisher:            Trend Micro
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-2433

Original Bulletin:
  http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt

- --------------------------BEGIN INCLUDED TEXT--------------------

Trend Micro, Inc.                                      August 20, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Worry-Free Business Security 5.0 - Security Server
Critical Patch - Build 1404
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Critical Patch was developed as a workaround or solution
to a customer-reported problem. As such, this Critical Patch has
received limited testing and has not been certified as an official
product update. Consequently, THIS CRITICAL PATCH IS PROVIDED "AS IS".
TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR
PERFORMANCE OF THIS CRITICAL PATCH NOR DOES IT WARRANT THAT THIS
CRITICAL PATCH IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW,
TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.

Contents
===================================================================
  1.  Overview of this Critical Patch Release
      1.1 Files Included in this Release
  2.  What's New
  3.  Documentation Set
  4.  System Requirements
  5.  Installation/Uninstallation
  6.  Post-installation Configuration
  7.  Known Issues
  8.  Release History
  9.  Contact Information
  10. About Trend Micro
  11. License Agreement
===================================================================

1. Overview of this Critical Patch Release
========================================================================
   This critical patch addresses a vulnerability (bypassing logon
   password authentication) on the OfficeScan Web console. When an
   OfficeScan administrator logs on, an attacker can illegally access
   the password authentication token and take full control of the Web
   console.

   Note: This critical patch can be applied to any language version
         that OfficeScan Server supports.

   1.1 Files Included in this Release
   =====================================================================
   Module File Name         Build No.
   ----------------------   ------------
   CGIOCommon.dll           15.0.0.1404

2. What's New
========================================================================
   Critical patch 1404 further secures the OfficeScan session creation
   token method.

3. Documentation Set
========================================================================
   o  Readme.txt -- basic installation, known issues, release history
      and contact information

   Electronic versions of the printed manuals are available at:

   http://www.trendmicro.com/download

4. System Requirements
========================================================================
   Worry-Free Business Security 5.0

5. Installation/Uninstallation
========================================================================

   5.1 Installation
   =====================================================================
   To install Critical Patch 1404:

   1. Copy the Critical Patch executable file to a temporary folder.
      For example, "C:\temp".

   2. Double-click the file. The modules are automatically copied to
      the correct destination.

   This Critical Patch installation package automatically rolls back
   the Security Server to its original configuration if there are
   problems during installation.
   If you encounter problems after installation, manually roll back
   the installation.

   5.2 Manual Rollback Procedure
   =====================================================================
   To manually roll back to the original configuration:

   1. Locate the backup folder that the Critical Patch package created
      in the "\PCCSRV\Backup\CriticalPatch_B1404" directory.

   2. Copy the backup modules to the original folders.

   3. Run the "TmTouch.exe" tool to trigger the Critical Patch
      mechanism.

      To run "TmTouch.exe":

      a. Open a command prompt on the server.

      b. At the command prompt, change the directory to
         "PCCSRV\admin\utility\touch".

      c. Use the "TmTouch.exe <file name>" command to run the touch
         tool:

         Note: <file name> is the file that you want to roll back.

6. Post-installation Configuration
========================================================================
   No post-installation steps are required.

   Note: Trend Micro recommends that you update your scan engine and
         virus pattern files immediately after installing this
         Critical Patch.

7. Known Issues
========================================================================
   There are no known issues for this Critical Patch release.

8. Release History
========================================================================
   Visit the following Web site for more information about updates to
   this product:

   http://www.trendmicro.com/download

9. Contact Information
========================================================================
   A license to the Trend Micro software usually includes the right to
   product updates, pattern file updates, and basic technical support
   for one (1) year from the date of purchase only. After the first
   year, Maintenance must be renewed on an annual basis at Trend
   Micro's then-current Maintenance fees.

   You can contact Trend Micro via fax, phone, and email, or visit us
   at:

   http://www.trendmicro.com

   Evaluation copies of Trend Micro products can be downloaded from our
   Web site.
   Global Mailing Address/Telephone numbers
   ========================================
   For global contact information in the Asia/Pacific region,
   Australia and New Zealand, Europe, Latin America, and Canada,
   refer to:

   http://www.trendmicro.com/en/about/overview.htm

   The Trend Micro "About Us" screen displays. Click the appropriate
   link in the "Contact Us" section of the screen.

   Note: This information is subject to change without notice.

10. About Trend Micro
========================================================================
   Trend Micro, Inc. provides virus protection, anti-spam, and
   content-filtering security products and services. Trend Micro allows
   companies worldwide to stop viruses and other malicious code from a
   central point before they can reach the desktop.

   Copyright 2008, Trend Micro Incorporated. All rights reserved.
   Trend Micro, the t-ball logo, Worry-Free, and OfficeScan are
   trademarks of Trend Micro Incorporated and are registered in some
   jurisdictions. All other marks are the trademarks or registered
   trademarks of their respective companies.

11. License Agreement
========================================================================
   Information about your license agreement with Trend Micro can be
   viewed at:

   http://www.trendmicro.com/en/purchase/license/

   Third-party licensing agreements can be viewed:

   - By selecting the "About" option in the application user interface
   - By referring to the "Legal" page of the Getting Started Guide or
     Administrator's Guide

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It
may not be updated when updates to the original are made. If
downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the
information is still current.

Contact information for the authors of the original document is
included in the Security Bulletin above. If you have any questions or
need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or
attacked in any way, we encourage you to let us know by completing the
secure National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBSLeBnSh9+71yA2DNAQL43AP+KutmLQqOcDhEqFvq9EXGiq+Kx5/Dey4F
Rzg/rvULtmD1odKjFuHSCCTPbYH7chf+JiYMM/VC9p1rnXb4LXjx8r6U0FZmaqAr
SX+g9c1hkwlWJOFBRs0uVp0lo29ZqtegF7nOzgr/LEfB6N/fk051yvsl37UhuNRA
h4buSy+Err0=
=Rn0B
-----END PGP SIGNATURE-----
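
Added example (not part of the AusCERT bulletin or the Trend Micro readme): a PowerShell check that the CGIOCommon.dll on a Security Server is at or above build 15.0.0.1404 from section 1.1, and that the backup folder named in section 5.2 exists for a manual rollback. The function name and the -PccsrvRoot parameter are assumptions; the readme does not give the full path of the PCCSRV folder, so the caller supplies it.

```powershell
# Added example, not vendor code. File name, build number and backup folder
# come from the readme; -PccsrvRoot is an assumption the caller supplies,
# because the readme never gives the full path of the PCCSRV folder.
function Test-CriticalPatch1404 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$PccsrvRoot
    )

    if (-not (Test-Path -LiteralPath $PccsrvRoot -PathType Container)) {
        throw "PCCSRV folder not found: $PccsrvRoot"
    }

    $required   = [version]'15.0.0.1404'
    $root       = (Resolve-Path -LiteralPath $PccsrvRoot).ProviderPath
    $backupRoot = (Join-Path $root 'Backup') + '\'
    $backupDir  = Join-Path $root 'Backup\CriticalPatch_B1404'

    # Skip the pre-patch copies that the installer saves under Backup.
    $files = Get-ChildItem -LiteralPath $root -Recurse -Filter 'CGIOCommon.dll' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
            -not $_.FullName.StartsWith($backupRoot, [System.StringComparison]::OrdinalIgnoreCase) }

    if (-not $files) {
        Write-Warning "CGIOCommon.dll not found under $root"
        return
    }

    foreach ($file in $files) {
        # Build the version from its numeric parts; the FileVersion string
        # may be formatted with commas or spaces.
        $vi    = $file.VersionInfo
        $found = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

        New-Object PSObject -Property @{
            Path          = $file.FullName
            FileVersion   = $found.ToString()
            Patched       = ($found -ge $required)
            BackupPresent = (Test-Path -LiteralPath $backupDir -PathType Container)
        }
    }
}

# Example call with a constructed path:
# Test-CriticalPatch1404 -PccsrvRoot 'D:\ExamplePath\PCCSRV'
```

A result with Patched = False after installation, or with BackupPresent = False on a host believed to be patched, is worth checking against the installer's automatic rollback described in section 5.1.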