1. Critical Patch Release Information

Resolved Known Issues

This Critical Patch resolves the following issue(s):

Issue 1 (VRTS-3171)

A directory traversal vulnerability may allow an attacker to modify arbitrary files on the product's management console.

Solution:

This critical patch updates the Apex One server program to remove the vulnerability.

Enhancements

There are no enhancements for this Critical Patch release.

Files Included in this Release

A. Files for Current Issue(s)
-------------------------------------------------------------------
Filename                                               Build Number
------------------------------                         ------------
Apex One\PCCSRV\Web\Service\
-------------------------------------------------------------------
OfcService.exe                                         14.0.0.1101

Apex One\PCCSRV\Web_OSCE\Web\CGI\
-------------------------------------------------------------------
cgiRecvFile.exe                                        14.0.0.1101

Apex One\PCCSRV\Pccnt\Common\
-------------------------------------------------------------------
TmListen.exe                                           14.0.0.1037

Apex One\PCCSRV\Pccnt\Win64\X64\
-------------------------------------------------------------------
TmListen.exe                                           14.0.0.1037

2. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

  • Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.

To access the Online Help, go to http://docs.trendmicro.com

  • Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
  • Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
  • Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
  • Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
  • To access the Support Portal, go to http://esupport.trendmicro.com

3. System Requirements

1. Trend Micro Apex One™ Build 1066 - English - Windows - x32-x64

4. Installation/Uninstallation

Installing

To install:

  1. Copy the Critical Patch executable file to a temporary folder on the server, for example, "C:\temp".
  2. Double-click the file. The modules are automatically copied to the correct destination.

This Critical Patch installation package automatically rolls back the Apex One server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback.

Uninstalling

To manually roll back to the previous build:

  1. Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\Critical Patch_B1101" directory.
  2. Stop the Apex One Master Service.
  3. Stop the Apex One Apex Central Agent Service.
  4. Copy the backup modules to the original folders.
  5. Start the Apex One Apex Central Agent Service.
  6. Start the Apex One Master Service.

5. Post-installation Configuration

No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product.

6. Known Issues

There are no known issues for this Critical Patch release.

7. Release History

Prior Hotfixes


Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release.

8. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

http://www.trendmicro.com/us/about-us/contact/index.html

NOTE: This information is subject to change without notice.

9. About Trend Micro

Smart, simple, security that fits

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2019, Trend Micro Incorporated. All rights reserved.

Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

10. License Agreement

View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/license-agreements/

Third-party licensing agreements can be viewed:

  • By selecting the "About" option in the application user interface
  • By referring to the "Legal" page of the Administrator's Guide