Trend Micro, Inc.                                       March 10, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) OfficeScan(TM) 8.0
Critical Patch - Build 1242 CGI modules
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
===================================================================
1.  Overview of this Critical Patch Release
    1.1 Files Included in this Release
2.  What's New
3.  Documentation Set
4.  System Requirements
5.  Installation/Uninstallation
6.  Post-Installation Configuration
7.  Known Issues
8.  Release History
9.  Contact Information
10. About Trend Micro
11. License Agreement
===================================================================


1. Overview of this Critical Patch Release
========================================================================
This critical patch addresses the following potential security issues
in the Trend Micro OfficeScan server CGI modules.

1. A vulnerability may allow attackers to trigger a buffer overflow
   and execute arbitrary code using Web user privileges.

2. A vulnerability may allow attackers to trigger a null pointer
   defect and cause the target child process to quit and potentially
   cause denial of service conditions.

   1.1 Files Included in this Release
   =====================================================================
   Module File Name         Build No.
   ----------------         ---------
   cgiCAV.exe               8.0.0.1242
   cgiCheckIP.exe           8.0.0.1242
   cgiCMAgent.exe           8.0.0.1242
   cgiImportInfo.exe        8.0.0.1242
   cgiLog.exe               8.0.0.1242
   CGIOCommon.dll           8.0.0.1242
   cgiOnClientCfg.exe       8.0.0.1242
   cgiOnClose.exe           8.0.0.1242
   cgiOnInst.exe            8.0.0.1242
   cgiOnMSCfg.exe           8.0.0.1242
   cgiOnPSCfg.exe           8.0.0.1242
   cgiOnRTCfg.exe           8.0.0.1242
   cgiOnScan.exe            8.0.0.1242
   cgiOnSpecialLog.exe      8.0.0.1242
   cgiOnStart.exe           8.0.0.1242
   cgiOnUnst.exe            8.0.0.1242
   cgiOnUpd.exe             8.0.0.1242
   cgiOnUpdate.exe          8.0.0.1242
   cgiRecvFile.exe          8.0.0.1242
   cgiRqAlertMsg.exe        8.0.0.1242
   cgiRqCfg.exe             8.0.0.1242
   cgiRqHotFix.exe          8.0.0.1242
   cgiRqINI.exe             8.0.0.1242
   cgiRqOPP.exe             8.0.0.1242
   cgiRqService.exe         8.0.0.1242
   cgiRqUnInst.exe          8.0.0.1242
   cgiRqUpd.exe             8.0.0.1242
   CGIShare.dll             8.0.0.1242
   cgiChkMasterPwd.exe      8.0.0.1242
   CGIOCommon.dll           8.0.0.1242
   cgiShowSmb.exe           8.0.0.1242
   cgiWebUpdate.exe         8.0.0.1242
   PolicyServer.exe         8.0.0.1242
   cgiABConsole.exe         8.0.0.1242
   cgiABLogon.exe           8.0.0.1242
   CGIOCommonN.dll          8.0.0.1242
   RemoveCtrl.cab
   Setup.cab
   SetupINI.cab
   AtxConsole.cab
   AtxConsole.ocx           8.0.0.1242
   AtxEnc.cab
   AtxPie.cab


2. What's New
========================================================================
Critical patch 1242 resolves the following issues:

1. A buffer overflow vulnerability may be exploited to execute
   arbitrary code with Web user privileges.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   After applying Critical patch 1242, the buffer overflow issue is
   addressed by replacing old modules with the updated modules.

2. By sending the crafted HTTP headers, the null pointer defect can
   cause the target child process to quit and potentially cause
   denial of service conditions, if there is a series of inactive
   processes.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   After applying Critical patch 1242, the new CGI modules will
   enhance error handling to address this issue.


3. Documentation Set
========================================================================
o Readme.txt -- basic installation, known issues

Electronic versions of the printed manuals are available at:

http://www.trendmicro.com/download


4. System Requirements
========================================================================
The same critical patch requirements after OfficeScan 8.0 patch 2.


5. Installation/Uninstallation
========================================================================

   5.1 Installation Notes
   =====================================================================
   To install this critical patch:

   1. Copy the critical patch executable file to a temporary folder
      (for example, "C:\temp").

   2. Double-click the file. The modules are automatically copied to
      the correct destination.

   5.2 Rollback Procedure
   =====================================================================
   This critical patch installation package rolls back OfficeScan
   Server automatically if it encounters any problems during
   installation. If you encounter any problems after installation,
   perform manual rollback.

   To manually roll back to the original configuration:

   1. Stop the following services:
      * OfficeScan Master Service
      * Trend Micro Policy Server for Cisco NAC

   2. Locate the backup folder that the critical patch package
      created in the directory
      \Trend Micro\PCCSRV\Backup\criticalPatch_B1242.

   3. Copy the backup modules to the original folders.
      * Copy "PolicyServer\*.*" to: "\Trend Micro\PolicyServer"
      * Copy "PCCSRV\*.*" to: "\Trend Micro\PCCSRV\"

   4. Start the services you stopped in step 1.

   Note: Register online with Trend Micro within 30 days of
         installation to continue downloading new pattern files and
         product updates from the Trend Micro Web site. Register
         during installation or online at:

         http://olr.trendmicro.com/


6. Post-Installation Configuration
========================================================================
There are no post-installation steps required.

Note: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing the product.


7. Known Issues
========================================================================
There are no known issues for this critical patch release.


8. Release History
========================================================================
Visit the following Web site for more information about updates to
this product:

http://www.trendmicro.com/download


9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate
link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


10. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services. Trend Micro allows
companies worldwide to stop viruses and other malicious code from a
central point before they can reach the desktop.

Copyright 2008, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, and OfficeScan are trademarks of Trend
Micro Incorporated and are registered in some jurisdictions. All other
marks are the trademarks or registered trademarks of their respective
companies.


11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:

http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or
  Administrator's Guide
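
Added example, not part of the original readme and not Trend Micro code: a read-only PowerShell check that the versioned modules listed in section 1.1 are at build 8.0.0.1242 on an OfficeScan server. The -InstallRoot parameter and the recursive search are assumptions, because the readme does not state the install root or the folder of each module; copies under a Backup folder are skipped because section 5.2 says the installer keeps the pre-patch modules there.

```powershell
# Added example (not Trend Micro code): audit the section 1.1 modules for build 8.0.0.1242.
param(
    # Assumption: the folder that contains "Trend Micro\PCCSRV" and
    # "Trend Micro\PolicyServer"; the readme does not state the install root.
    [Parameter(Mandatory = $true)][string]$InstallRoot
)
$ExpectedBuild = '8.0.0.1242'

# Versioned modules from section 1.1 (the .cab files list no build number).
$Modules = @(
    'cgiCAV.exe', 'cgiCheckIP.exe', 'cgiCMAgent.exe', 'cgiImportInfo.exe',
    'cgiLog.exe', 'CGIOCommon.dll', 'cgiOnClientCfg.exe', 'cgiOnClose.exe',
    'cgiOnInst.exe', 'cgiOnMSCfg.exe', 'cgiOnPSCfg.exe', 'cgiOnRTCfg.exe',
    'cgiOnScan.exe', 'cgiOnSpecialLog.exe', 'cgiOnStart.exe', 'cgiOnUnst.exe',
    'cgiOnUpd.exe', 'cgiOnUpdate.exe', 'cgiRecvFile.exe', 'cgiRqAlertMsg.exe',
    'cgiRqCfg.exe', 'cgiRqHotFix.exe', 'cgiRqINI.exe', 'cgiRqOPP.exe',
    'cgiRqService.exe', 'cgiRqUnInst.exe', 'cgiRqUpd.exe', 'CGIShare.dll',
    'cgiChkMasterPwd.exe', 'cgiShowSmb.exe', 'cgiWebUpdate.exe', 'PolicyServer.exe',
    'cgiABConsole.exe', 'cgiABLogon.exe', 'CGIOCommonN.dll', 'AtxConsole.ocx'
)

# Skip ...\Backup\..., where the patch installer keeps the pre-patch copies.
$found = @(Get-ChildItem -Path $InstallRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $Modules -contains $_.Name -and $_.FullName -notmatch '\\Backup\\' })

# Build the version from the numeric parts of the file's version resource.
$report = @(foreach ($f in $found) {
    $v = $f.VersionInfo
    $ver = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
    [pscustomobject]@{
        Module  = $f.Name
        Version = $ver
        AtBuild = ($ver -eq $ExpectedBuild)   # exact match against the readme's build
        Path    = $f.FullName
    }
})
$missing = @($Modules | Where-Object { $found.Name -notcontains $_ })

# Mismatches sort first so they are easy to spot.
$report | Sort-Object AtBuild, Module | Format-Table -AutoSize
foreach ($m in $missing) { Write-Warning "Not found under ${InstallRoot}: $m" }

# Non-zero exit when any copy is at another build or a listed module is absent.
$stale = @($report | Where-Object { -not $_.AtBuild })
if ($stale.Count -gt 0 -or $missing.Count -gt 0) { exit 1 }
```

A module at a different build, including a higher one from a later update, is reported as a mismatch for manual review rather than assumed to be patched.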