<<<>>> Trend Micro, Inc. May 16, 2016 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan(TM) Web Security Virtual Appliance 6.0 Service Pack 1 Critical Patch - Build 1255 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Critical Patch was developed as a workaround or solution to a customer-reported problem. As such, this Critical Patch has received limited testing and has not been certified as an official product update. Consequently, THIS HOT FIX IS PROVIDED "AS IS." TREND MICRO MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. Contents =================================================================== 1. Critical Patch Release Information 1.1 Issues 1.2 Enhancements 1.3 Files Included in this Release 2. Documentation Set 3. System Requirements 4. Installation/Uninstallation 4.1 Installation 4.2 Uninstallation 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hot Fixes 8. Contact Information 9. About Trend Micro 10. License Agreement =================================================================== 1. Critical Patch Release Information ====================================================================== 1.1 Issues =================================================================== This Critical Patch resolves the following issue: Issue: [Critical Patch 1255] (TT-338692, TT-338693, TT-338695, and TT-340002) Several APIs which are used by IWSVA could allow remote code execution ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This Critical Patch resolves the issue. 1.2 Enhancements =================================================================== There are no enhancements for this Critical Patch release. 1.3 Files Included in this Release =================================================================== A. Files for Current Issues ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- libdaemon.so 1254 svcmonitor 1254 isdelvd 1254 Files for Issue ------------------------------------------------------------------- Filename Build No. ------------------------------------------------------------------- IWSSGui.jar 1255 B. Files for Previous Issues ------------------------------------------------------------------- libHTTPSDecryption.so 1254 2. Documentation Set ====================================================================== In addition to this readme.txt, the documentation set for this product includes the following: o Readme.txt - basic installation, known issues, release history and contact information o Electronic versions of the printed manuals are available at: http://www.trendmicro.com/download 3. System Requirements ====================================================================== Trend Micro recommends installing IWSVA 6.0 Service Pack 1 with Patch 2 Build 1240 before installing this Critical Patch. 4. Installation/Uninstallation ====================================================================== 4.1 Installation =================================================================== To install this Critical Patch: 1. Download the "iwsva_60_sp1_ar64_en_cpb1255.tgz" Critical Patch file to your local hard disk. 2. Log on to the IWSVA administrator console. 3. Go to the "Administration > System Updates" page. 4. Click "Browse". 5. Browse your local hard disk for the "iwsva_60_sp1_ar64_en_cpb1255.tgz" Critical Patch file and click "Open". 6. Click "Upload". Your browser uploads the Critical Patch file to IWSVA which validates if the file is a legitimate Critical Patch. 7. Click "Install" to apply the Critical Patch and update IWSVA to build 1255. The HTTP and FTP services in IWSVA restart automatically. NOTE: Applying this Critical Patch interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 8. Clear the browser cache. 4.2 Uninstallation =================================================================== To uninstall the Critical Patch: 1. Log on to the IWSVA admin console GUI. 2. Go to the "Administration > System Updates" page. 3. Click "Uninstall" next to "cpb1255" and verify the Critical Patch ID and description in the confirmation page that appears. 4. Click "Uninstall" to remove Critical Patch 1255 and rollback IWSVA to the previous build. The HTTP and FTP services in IWSVA restart automatically. NOTE: Removing this Critical Patch interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing this Critical Patch. 6. Known Issues ====================================================================== There are no known issues for this Critical Patch release. 7. Release History ====================================================================== See the following web site for more information about updates to this product: http://www.trendmicro.com/download/product.asp?productid=86 7.1 Prior Hot Fixes =================================================================== Note: Only the new Critical Patch was tested for this release. Prior hot fixes were tested at the time of their release. Hot Fix 1244 Issue: [Hot Fix 1244] (TT-299378) IWSVA 6.0 is affected by XXE vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix resolves the XXE vulnerabilities in IWSVA 6.0. Hot Fix 1247 Issue: [Hot Fix 1247] (TT-305737) IWSVA 6.0 may not be able to detect threats while Custom Defense is enabled and the Exploits Scan Action is set to "Monitor". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that IWSVA 6.0 can successfully detect threats while Custom Defense is enabled and the Exploits Scan Action is set to "Monitor". Hot Fix 1248 Issue: [Hot Fix 1248] (TT-309185) IWSVA 6.0 recognizes the Paypal(TM) application as the KakaoTalk application. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that IWSVA 6.0 recognizes Paypal correctly. Hot Fix 1249 Issue: [Hot Fix 1249] (TT-309575) IWSVA 6.0 still generates application logs for a client computer several hours after the computer has been powered off. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix ensures that IWSVA 6.0 writes application logs in a timely manner so that it no longer generates logs several hours after a computer has been powered off. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure: To enable this solution: a. Open the "/etc/iscan/intscan.ini" file using a text editor. b. Add or edit the value of the "app_log_timely" option under the "app-control" section and set it to "yes". [app-control} app_log_timely = yes c. Save the changes and close the file. d. Restart the IWSVA application control daemon. Hot Fix 1251 Issue 1: [Hot Fix 1251] (TT-320685) IWSVA 6.0 Service Pack 1 cannot register to Trend Micro Control Manager(TM) 6.0 when the content cache is enabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This hot fix updates the MCP Agent module to ensure that IWSVA 6.0 Service Pack 1 can register to Control Manager 6.0 without issues. Issue 2: [Hot Fix 1251] (TT-321729) When Trend Micro Data Loss Prevention(TM) (DLP) is enabled, IWSVA 6.0 cannot block users from sending email messages that violate DLP rules through Gmail(TM). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This hot fix ensures that when DLP is enabled, IWSVA 6.0 blocks email messages that violate DLP rules. Hot Fix 1254 Issue: [Hot Fix 1254] (TT-329817) The InterScan Web Security Virtual Appliance (IWSVA) 6.0 Service Pack 1 HTTPS decryption feature does not support TLS 1.1 and TLS 1.2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: This hot fix updates the HTTPS decryption module to enable it to support TLS 1.1 and TLS 1.2. 8. Contact Information ====================================================================== A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees. You can contact Trend Micro by fax, phone, and email, or visit us at: http://www.trendmicro.com Evaluation copies of Trend Micro products can be downloaded from our web site. Global Mailing Address/Telephone numbers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to: http://www.trendmicro.com/en/about/overview.htm The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen. Note: This information is subject to change without notice. 9. About Trend Micro ====================================================================== As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With over 20 years of experience, Trend Micro provides top-ranked client, server, and cloud-based solutions that stop threats faster and protect data in physical, virtualized, and cloud environments. As new threats and vulnerabilities emerge, Trend Micro remains committed to helping customers secure data, ensure compliance, reduce costs, and safeguard business integrity. For more information, visit: http://www.trendmicro.com Trend Micro, the t-ball logo, Data Loss Prevention, InterScan, and Control Manager are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. Copyright 2015, Trend Micro Incorporated. All rights reserved. 10. License Agreement ====================================================================== Information about your license agreement with Trend Micro can be viewed at: http://us.trendmicro.com/us/about/company/user_license_agreements/ Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Getting Started Guide or Administrator's Guide