<<<>>>
Trend Micro, Inc.                                       April 13, 2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003
Security Patch 3 - Build 1176
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
===================================================================
1.  Overview of this Security Patch Release
    1.1 Files Included in this Release
2.  What's New
3.  Documentation Set
4.  System Requirements
5.  Installation
6.  Post-installation Configuration
7.  Known Issues
8.  Release History
9.  Contact Information
10. About Trend Micro
11. License Agreement
===================================================================


1. Overview of this Security Patch Release
========================================================================
This security patch addresses a buffer overflow vulnerability in the
ServerProtect module "AgRpcCln.dll".

   1.1 Files Included in This Release
   =====================================================================
   Module            File Name               Build No.
   ---------------------------------------------------------------------
   NT Server         admin.exe               5.58 build 1176
                     adm_enu.dll             5.58 build 1176
                     AgentClient.dll         5.58 build 1176
                     AgRpcCln.dll            5.58 build 1176
                     cert5.db
                     ciussi32.dll            2.0 build 1026
                     EarthAgent.exe          5.58 build 1176
                     Eng50.dll               5.58 build 1176
                     EventMsg2.dll           5.58 build 1176
                     Logdb.dll               5.58 build 1176
                     LogDbTool.dll           5.58 build 1176
                     LogViewer.exe           5.58 build 1176
                     LogMaster.dll           5.58 build 1176
                     Notification.dll        5.58 build 1176
                     Patch.exe               2.80 build 2014
                     patchbld.dll            5.1.0.0
                     Patchw32.dll            5.1.0.0
                     ScanNow.exe             5.58 build 1176
                     SpntSvc.exe             5.58 build 1176
                     Spuninst.exe            5.58 build 1176
                     StCommon.dll            5.58 build 1176
                     StHotfix.exe            5.58 build 1176
                     Stopp.exe               5.58 build 1176
                     StRpcCln.dll            5.58 build 1176
                     StRpcSrv.dll            5.58 build 1176
                     StUpdate.exe            5.58 build 1176
                     TmEng.dll               6.80 build 1034
                     Tmnotify.dll            1.0 build 1176
                     Tmopp.dll               5.58 build 1063
                     TmRpcSrv.dll            5.58 build 1176
                     Tmupdate.dll            2.80 build 2014
                     SP5NSLST.ini
                     TSC.ini
                     x500.db
                     hotfix.ini
                     tmsp.mib

   NetWare Server    lprotect.nlm            5.58 build 1176
                     pscan.nlm               5.58 build 1176

   CM Agent Files    EN_Utility.dll          1.0 build 1355
                     Entitymain.exe          1.0 build 1367
                     LibEN_CM.dll            1.0 build 1364
                     libEN_Logger.dll        1.0 build 1367
                     libEN_Product.dll       2.52 build 1053
                     xerces-c_1_7_0.dll      1.7


2. What's New
========================================================================
An unchecked buffer in the ServerProtect module "AgRpcCln.dll" can
overflow and allow attackers to run arbitrary code. An attacker can
exploit this vulnerability remotely using RPC and can use it to run
code with system account privileges.

This release patches this vulnerability.


3. Documentation Set
========================================================================
o  Readme.txt -- basic installation, known issues

Electronic versions of the printed manuals are available at:

   http://www.trendmicro.com/download


4. System Requirements
========================================================================
No special requirements for installing this security patch.


5. Installation
========================================================================
To install this security patch:

1. Copy the file "spnt_558_win_en_securitypatch3.exe" to a temporary
   folder on the ServerProtect Information Server.

2. Ensure that the ServerProtect Management Console is not running.

3. Open "spnt_558_win_en_securitypatch3.exe" and follow the
   instructions to install the patch. The Information Server will
   deploy the patch to NT Normal Servers 30 seconds after installation
   is complete, and then it will restart ServerProtect services.

Note: If the installation does not complete successfully, review the
      file "TMPatch.log" in the system root folder before contacting
      technical support.

To roll back to the previous build:

1.) Before you can roll back, run the following shell commands to stop
    all ServerProtect services:

       net stop spntsvc
       net stop earthagent
       net stop "TrendMicro Infrastructure"

2.) You can find the backup files with extension name "bak" in the
    ServerProtect home directory. To roll back, just rename the backup
    files and use them to replace the current files.

3.) After the rollback, run the following commands to start
    ServerProtect services:

       net start spntsvc
       net start earthagent
       net start "TrendMicro Infrastructure"


6. Post-installation Configuration
========================================================================
No post-installation configuration needed for this patch.

Note: Trend Micro recommends that you update your scan engine and
      virus pattern files immediately after installing this patch.


7. Known Issues
========================================================================
This release has the following known issues:

7.1 Close the Management Console before applying this patch.
    Otherwise, the patch installation will fail.

7.2 You cannot install the ServerProtect Normal Server and an
    OfficeScan(TM) client on the same machine.

7.3 After this patch is applied, the pattern update progress bar may
    not accurately reflect the actual progress.


8. Release History
========================================================================
See the following Web site for more information about updates to this
product:

   http://www.trendmicro.com/download


9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support for
one (1) year from the date of purchase only. After the first year,
Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at:

   http://www.trendmicro.com

Evaluation copies of Trend Micro products can be downloaded from our
Web site.

Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:

   http://www.trendmicro.com/en/about/overview.htm

The Trend Micro "About Us" screen displays. Click the appropriate link
in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.


10. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services. Trend Micro allows
companies worldwide to stop viruses and other malicious code from a
central point before they can reach the desktop.

Copyright 2007, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, ServerProtect, and OfficeScan are
trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.


11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be viewed
at:

   http://www.trendmicro.com/en/purchase/license/

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Getting Started Guide or
  Administrator's Guide