<> Trend Micro Incorporated April 14, 2017 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) OfficeScan(TM) XG Critical Patch - Server Build 1352 and Agent Module Build 1230 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ========================================================== 1. Overview of This Critical Patch Release 1.1 Issues 1.2 Enhancements 1.3 Files Included in This Release 2. Documentation Set 3. System Requirements 4. Installation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 8. Contact Information 9. About Trend Micro 10. License Agreement ========================================================== 1. Overview of this Critical Patch Release ====================================================================== This critical patch updates the OfficeScan agent program to resolve several vulnerabilities and ensures that encrypted passwords are secure during web console operations. 1.1 Issues =================================================================== This critical patch resolves the following issues: (VRTS-283) Issue 1: When the Web Reputation Service (WRS) of the OfficeScan agent program blocks access to a certain webpage, it displays the "Website blocked by Trend Micro OfficeScan" alert page instead. This alert page may be affected by XSS vulnerabilities. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This critical patch updates the OfficeScan agent program to resolve the XSS vulnerabilities. (VRTS-393) Issue 2: Encrypted account passwords may leak out during web console operations. Unauthorized users could use the leaked encrypted password to log on to the OfficeScan server console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This critical patch ensures that encrypted passwords are secure during web console operations. 1.2 Enhancements =================================================================== This critical patch provides the following enhancement: (VRTS-615) Enhancement: This critical patch updates the OfficeScan agent program to improve its self-protection mechanism to protect against a local attacker to inject malicious code. 1.3 Files Included in this Release =================================================================== Installation Path and Filename Build Number ------------------------------ ------------ OfficeScan\PCCSRV\Admin\Utility\SQL\*.* OfficeScan\PCCSRV\Admin\Utility\SQL\ ------------------------------------------------------------------- libSQLDatabaseUpgrade.dll 12.0.0.1352 OfficeScan\PCCSRV\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.1352 SvrSvcSetup.exe 12.0.0.1352 OfficeScan\PCCSRV\Admin\Utility\PolicyExportTool\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.1352 OfficeScan\PCCSRV\Download\Product\ ------------------------------------------------------------------- DlpLite_Common.zip DlpLite_Common_x64.zip OfficeScan\PCCSRV\Engine\ ------------------------------------------------------------------- TmAegisSysEvt.dll 2.976.0.1175 TMBMCLI.dll 2.976.0.1175 TMBMSRV.exe 2.976.0.1175 tmcomeng.dll 2.976.0.1175 TmEngDrv.dll 2.976.0.1175 TMPEM.dll 2.976.0.1175 tmwlutil.dll 2.976.0.1175 OfficeScan\PCCSRV\Engine\X64\ ------------------------------------------------------------------- TmAegisSysEvt.dll 2.976.0.1175 TMBMCLI.dll 2.976.0.1175 TMBMSRV.exe 2.976.0.1175 tmcomeng.dll 2.976.0.1175 TmEngDrv.dll 2.976.0.1175 TMPEM.dll 2.976.0.1175 tmwlutil.dll 2.976.0.1175 OfficeScan\PCCSRV\LWCS\ ------------------------------------------------------------------- Build.exe 2.85.0.1180 cert5.db ciuas32.dll 1.0.0.2075 ciussi32.dll 2.0.0.2074 libcurl.dll 7.50.0.0 libeay32.dll 1.0.2.10 LWCSService.exe 3.0.0.1304 patch.exe 2.85.0.1180 patchbld.dll 12.21.0.0 PATCHW32.DLL 12.21.0.0 ssleay32.dll 1.0.2.10 TmUpdate.dll 2.85.0.1180 UpdateWCSPattern.bat x500.db OfficeScan\PCCSRV\Pccnt\ ------------------------------------------------------------------- ClientConsole.zip NTRtScan.exe 13.0.0.1230 OfficeScan\PCCSRV\Pccnt\Common\ ------------------------------------------------------------------- CCSF_WIN32.zip fcWofieUI.dll 13.0.0.1230 ICRCHdler.dll 2.7.0.1103 libcurl.dll 7.49.1.0 libeay32.dll 1.0.2.10 NTRmv.exe 13.0.0.1230 OfcCCCAUpdate.exe 13.0.0.1230 OfcPIPC.dll 13.0.0.1230 PccNTMon.exe 13.0.0.1230 perfiCrcPerfMonMgr.dll 2.82.0.1025 ssleay32.dll 1.0.2.10 TmListen.exe 13.0.0.1230 TmListenShare.dll 13.0.0.1230 TmopCfg.dll 3.0.0.1029 TmopsmHttp.dll 3.0.0.1029 TmSock.dll 13.0.0.1230 upgrade.exe 13.0.0.1230 OfficeScan\PCCSRV\Pccnt\Drv\ ------------------------------------------------------------------- tmactmon.cat tmactmon.inf tmactmon.sys 2.976.0.1174 tmevtmgr.cat tmevtmgr.inf tmevtmgr.sys 2.976.0.1174 OfficeScan\PCCSRV\Pccnt\Drv\X64\ ------------------------------------------------------------------- tmactmon.cat tmactmon.inf tmactmon.sys 2.976.0.1174 tmevtmgr.cat tmevtmgr.inf tmevtmgr.sys 2.976.0.1174 OfficeScan\PCCSRV\Pccnt\Win64\X64\ ------------------------------------------------------------------- CCSF_X64.zip fcWofieUI.dll 13.0.0.1230 ICRCHdler.dll 2.7.0.1103 libcurl.dll 7.49.1.0 libeay32.dll 1.0.2.10 NTRmv.exe 13.0.0.1230 Ntrtscan.exe 13.0.0.1230 OfcCCCAUpdate.exe 13.0.0.1230 OfcPIPC_64x.dll 13.0.0.1230 PccNTMon.exe 13.0.0.1230 perfiCrcPerfMonMgr.dll 2.82.0.1025 ssleay32.dll 1.0.2.10 TmListen.exe 13.0.0.1230 TmListenShare_64x.dll 13.0.0.1230 TmopCfg.dll 3.0.0.1029 TmopsmHttp.dll 3.0.0.1029 TmSock_64x.dll 13.0.0.1230 upgrade.exe 13.0.0.1230 OfficeScan\PCCSRV\Download\Engine\ ------------------------------------------------------------------- BMdriver_x32.zip BMdriver_x64.zip bmservice_x32.zip bmservice_x64.zip BMdriver_x32.sig BMdriver_x64.sig bmservice_x64.sig bmservice_x64.sig OfficeScan\PCCSRV\Web\Service\ ------------------------------------------------------------------- CGIOCommon.dll 12.0.0.1352 GIResUTF8.dll 12.0.0.1352 CmdHLClient.dll 12.0.0.1352 CmdHOConsole.dll 12.0.0.1352 DbServer.exe 12.0.0.1352 libCmdHndlrClientV2.dll 12.0.0.1352 libCmdHndlrConsoleV2.dll 12.0.0.1352 libCmdHndlrDda.dll 12.0.0.1352 OfcDownload.dll 12.0.0.1352 OfcNotifyQueue.dll 12.0.0.1352 OfcService.exe 12.0.0.1352 OfccccaUpdate.exe 12.0.0.1352 OfficeScan\PCCSRV\Web_OSCE\Web\CGI\ ------------------------------------------------------------------- cgiExportInfo.exe 12.0.0.1352 CGIOCommon.dll 12.0.0.1352 cgiOnQueryClientBindPort.exe 12.0.0.1352 CGIResUTF8.dll 12.0.0.1352 SSO_PKIHelper.dll 5.0.0.2270 OfficeScan\PCCSRV\Web_OSCE\Web_console\CGI\ ------------------------------------------------------------------- cgiAuthManagement.exe 12.0.0.1352 cgiCmdNotify.exe 5.0.0.2270 CGIOCommon.dll 12.0.0.1352 CGIResUTF8.dll 12.0.0.1352 cgiShowActiveDirectory.exe 12.0.0.1352 cgiShowClientAdm.exe 12.0.0.1352 SSO_PKIHelper.dll 5.0.0.2270 TrendAprWrapperDll.dll 5.0.0.2270 OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\aegis\ ------------------------------------------------------------------- device_control.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\Auth\ ------------------------------------------------------------------- admin_account_info.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\clientmag\ ------------------------------------------------------------------- client_list_2.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\HTML\compliance_report\ ------------------------------------------------------------------- out_of_management_scope.htm OfficeScan\PCCSRV\Web_OSCE\Web_console\RemoteInstallCGI\ ------------------------------------------------------------------- CGIResUTF8.dll 12.0.0.1352 B. Files for Previous Issues ------------------------------------------------------------------- Not applicable. C. Network Traffic Required for Deployment ------------------------------------------------------------------- Estimated size (in terms of bandwidth) of deployed agent files in this critical patch. - 32-bit agent total = 51.3 MB - 64-bit agent total = 69.9 MB 2. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com 3. System Requirements ====================================================================== Trend Micro recommends installing OfficeScan XG server build before installing this critical patch. 4. Installation ====================================================================== This section explains key steps for installing the critical patch. 4.1 Installing =================================================================== To install this critical patch: 1. Copy the critical patch executable file to a temporary folder, for example, "C:\temp". 2. Double-click the file. The modules are automatically copied to the correct destination. This critical patch installation package automatically rolls back the OfficeScan server to its previous configuration if there are problems during installation. If you encounter problems after installation, do a manual rollback. 4.2 Uninstalling =================================================================== To manually roll back to its previous configuration: 1. Locate the backup folder that the Critical Patch package created in the "\PCCSRV\Backup\CriticalPatch_B1352" directory. 2. Stop the OfficeScan Master Service. 3. Stop the OfficeScan Control Manager Agent service. 4. Copy the backup modules to the original folders. 5. Start the OfficeScan Control Manager Agent service. 6. Start the OfficeScan Master Service. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. NOTE: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ====================================================================== There are no known issues for this critical patch release. 7. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 8. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 9. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, OfficeScan, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 10. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: http://www.trendmicro.com/us/about-us/legal-policies/ license-agreements Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide