Trend Micro, Inc.                                     October 16, 2008
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(tm) Worry-Free(tm) Business Security 5.0 - Security Server
Critical Patch - Build 1418
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTICE: This Critical Patch was developed as a workaround or solution
to a customer-reported problem. As such, this Critical Patch has
received limited testing and has not been certified as an official
product update.

Consequently, THIS CRITICAL PATCH IS PROVIDED "AS IS". TREND MICRO
MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF
THIS CRITICAL PATCH NOR DOES IT WARRANT THAT THIS CRITICAL PATCH IS
ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO
DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT
AND FITNESS FOR A PARTICULAR PURPOSE.

Contents
===================================================================
1.  Overview of this Critical Patch Release
    1.1 Files Included in this Release
2.  What's New
3.  Documentation Set
4.  System Requirements
5.  Installation/Uninstallation
6.  Post-installation Configuration
7.  Known Issues
8.  Release History
9.  Contact Information
10. About Trend Micro
11. License Agreement
===================================================================


1. Overview of this Critical Patch Release
========================================================================
   This critical patch addresses a potential security issue that
   causes a stack-based buffer overflow via an HTTP request with
   specially crafted form data sent to the Security Server CGI
   modules.

   1.1 Files Included in this Release
   =====================================================================
   Module File Name          Build No.
   ----------------------    ------------
   AtxConsole.cab
   AtxConsole.ocx            15.0.0.1418
   AtxEnc.cab
   AtxPie.cab
   cgiCAV.exe                15.0.0.1418
   cgiCheckIP.exe            15.0.0.1418
   cgiImportInfo.exe         15.0.0.1418
   cgiLog.exe                15.0.0.1418
   CGIOCommon.dll            15.0.0.1418
   cgiOnClientCfg.exe        15.0.0.1418
   cgiOnClose.exe            15.0.0.1418
   cgiOnInst.exe             15.0.0.1418
   cgiOnMSCfg.exe            15.0.0.1418
   cgiOnPSCfg.exe            15.0.0.1418
   cgiOnRTCfg.exe            15.0.0.1418
   cgiOnScan.exe             15.0.0.1418
   cgiOnStart.exe            15.0.0.1418
   cgiOnUpdate.exe           15.0.0.1418
   cgiRqAlertMsg.exe         15.0.0.1418
   cgiRqCfg.exe              15.0.0.1418
   cgiRqINI.exe              15.0.0.1418
   cgiRqOPP.exe              15.0.0.1418
   cgiRqService.exe          15.0.0.1418
   cgiRqUnInst.exe           15.0.0.1418
   cgiShowCAV.exe            15.0.0.1418
   cgiShowSmb.exe            15.0.0.1418


2. What's New
========================================================================
   After applying Critical Patch 1418, the buffer overflow issue is
   addressed by replacing old modules with updated modules.


3. Documentation Set
========================================================================
   o Readme.txt -- basic installation, known issues, release history
     and contact information

   Electronic versions of the printed manuals are available at:

   http://www.trendmicro.com/download


4. System Requirements
========================================================================
   Install Worry-Free Business Security 5.0 before installing this
   Critical Patch.


5. Installation/Uninstallation
========================================================================

   5.1 Installation
   =====================================================================
   To install Critical Patch 1418:

   1. Copy the Critical Patch executable file to a temporary folder,
      for example, "C:\temp".

   2. Double-click the file. The modules are automatically copied to
      the correct destination.

   This Critical Patch installation package automatically rolls back
   the Security Server to its original configuration if there are
   problems during installation.
   If you encounter problems after installation, manually roll back
   the installation.

   5.2 Manual Rollback Procedure
   =====================================================================
   To manually roll back to the original configuration:

   1. Locate the backup folder that the Critical Patch package created
      in the "\PCCSRV\Backup\CriticalPatch_B1418" directory.

   2. Copy the backup modules to the original folders.

   3. Run the "TmTouch.exe" tool to trigger the Critical Patch
      mechanism.

      To run "TmTouch.exe":

      a. Open a command prompt on the server.

      b. At the command prompt, change the directory to
         "PCCSRV\admin\utility\touch".

      c. Use the "TmTouch.exe " command to run the touch tool:

         Note: is the file that you want to roll back.


6. Post-installation Configuration
========================================================================
   No post-installation steps are required.

   Note: Trend Micro recommends that you update your scan engine and
         virus pattern files immediately after installing this
         Critical Patch.


7. Known Issues
========================================================================
   There are no known issues for this Critical Patch release.


8. Release History
========================================================================
   Visit the following Web site for more information about updates to
   this product:

   http://www.trendmicro.com/download


9. Contact Information
========================================================================
   A license to the Trend Micro software usually includes the right to
   product updates, pattern file updates, and basic technical support
   for one (1) year from the date of purchase only. After the first
   year, Maintenance must be renewed on an annual basis at Trend
   Micro's then-current Maintenance fees.

   You can contact Trend Micro via fax, phone, and email, or visit us
   at:

   http://www.trendmicro.com

   Evaluation copies of Trend Micro products can be downloaded from
   our Web site.

   Global Mailing Address/Telephone numbers
   ========================================
   For global contact information in the Asia/Pacific region,
   Australia and New Zealand, Europe, Latin America, and Canada,
   refer to:

   http://www.trendmicro.com/en/about/overview.htm

   The Trend Micro "About Us" screen displays. Click the appropriate
   link in the "Contact Us" section of the screen.

   Note: This information is subject to change without notice.


10. About Trend Micro
========================================================================
   Trend Micro, Inc. provides virus protection, anti-spam, and
   content-filtering security products and services. Trend Micro
   allows companies worldwide to stop viruses and other malicious code
   from a central point before they can reach the desktop.

   Copyright 2008, Trend Micro Incorporated. All rights reserved.
   Trend Micro, the t-ball logo, Worry-Free, and OfficeScan are
   trademarks of Trend Micro Incorporated and are registered in some
   jurisdictions. All other marks are the trademarks or registered
   trademarks of their respective companies.


11. License Agreement
========================================================================
   Information about your license agreement with Trend Micro can be
   viewed at:

   http://www.trendmicro.com/en/purchase/license/

   Third-party licensing agreements can be viewed:

   - By selecting the "About" option in the application user interface
   - By referring to the "Legal" page of the Getting Started Guide or
     Administrator's Guide
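
Added example (not part of Trend Micro's readme or tooling): a PowerShell audit that checks whether the Security Server CGI modules listed in section 1.1 are at build 15.0.0.1418 or later, skipping the pre-patch copies kept in the backup folder from section 5.2. The $PccsrvRoot parameter and the idea that the build number is stored in each file's version resource are assumptions.

```powershell
# Added example, not Trend Micro code: audit the CGI modules from section 1.1.
param(
    # Assumption: path of the Security Server's PCCSRV folder on this host.
    [Parameter(Mandatory = $true)][string]$PccsrvRoot
)

$expected = [version]'15.0.0.1418'   # build number given in section 1.1
$modules = @(
    'cgiCAV.exe', 'cgiCheckIP.exe', 'cgiImportInfo.exe', 'cgiLog.exe',
    'CGIOCommon.dll', 'cgiOnClientCfg.exe', 'cgiOnClose.exe', 'cgiOnInst.exe',
    'cgiOnMSCfg.exe', 'cgiOnPSCfg.exe', 'cgiOnRTCfg.exe', 'cgiOnScan.exe',
    'cgiOnStart.exe', 'cgiOnUpdate.exe', 'cgiRqAlertMsg.exe', 'cgiRqCfg.exe',
    'cgiRqINI.exe', 'cgiRqOPP.exe', 'cgiRqService.exe', 'cgiRqUnInst.exe',
    'cgiShowCAV.exe', 'cgiShowSmb.exe'
)

$root = (Resolve-Path -LiteralPath $PccsrvRoot).ProviderPath
# Pre-patch copies are kept under Backup\CriticalPatch_B1418 (section 5.2); skip them.
$backup = (Join-Path $root 'Backup') + '\'
$found = Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $modules -contains $_.Name -and
        -not $_.FullName.StartsWith($backup, [StringComparison]::OrdinalIgnoreCase) }

$results = foreach ($name in $modules) {
    $copies = @($found | Where-Object { $_.Name -ieq $name })
    if ($copies.Count -eq 0) {
        [pscustomobject]@{ Module = $name; Version = ''; Status = 'NOT FOUND'; Path = '' }
        continue
    }
    foreach ($file in $copies) {
        # Assumption: the build number is recorded in the file version resource.
        $vi = $file.VersionInfo
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart)
        $status = if ($ver -ge $expected) { 'OK' } else { 'BELOW 1418' }
        [pscustomobject]@{ Module = $name; Version = "$ver"; Status = $status; Path = $file.FullName }
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code if any module is missing or older than the patch build.
if ($results | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

A module reported more than once means several copies exist under PCCSRV; each copy is checked separately so a stale duplicate is not hidden by a patched one.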