1. Overview of This Critical Patch Release

Issues

This Critical Patch resolves the following issue(s):

Issue 1

The vulnerability CVE-2023-3823 affects Deep Discovery Inspector 6.5

Solution

This critical patch resolves the vulnerability.

Procedure

Install at least one of the following hotfixes or patches before installing this critical patch:

  • Patch1 Build 1145
  • Hotfix Build 1150
  • Hotfix Build 1151
  • Hotfix Build 1156
  • Hotfix Build 1157
  • Hotfix Build 1158
  • Hotfix Build 1159
  • Hotfix Build 1162

Issue 2

The vulnerability CVE-2023-3824 affects Deep Discovery Inspector 6.5

Solution

This critical patch resolves the vulnerability.

Procedure

Install at least one of the following hotfixes or patches before installing this critical patch:

  • Patch1 Build 1145
  • Hotfix Build 1150
  • Hotfix Build 1151
  • Hotfix Build 1156
  • Hotfix Build 1157
  • Hotfix Build 1158
  • Hotfix Build 1159
  • Hotfix Build 1162

Files Included in This Release

There are no files included in this Critical Patch release.

2. Documentation Set

To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com

  • Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product.


To access the Online Help, go to http://docs.trendmicro.com

  • Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product.
  • Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product.
  • Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'.
  • Support Portal: The Support Portal contains information on troubleshooting and resolving known issues.
  • To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements

1. Deep Discovery Inspector 6.5 GM Build 1129 - English - Linux - x64

2. Deep Discovery Inspector 6.5 GM Patch Build 1145 - English - Linux - x64

4. Installation

Installing

  1. Open the Deep Discovery Inspector web console.
  2. Go to Administration > Updates > Product Updates > Hot Fixes / Patches.
  3. Under Install Hot Fix / Patch, click "Browse" to select the "ddi_6.50_lx_en_criticalpatch1166_b1166.tar.gz.tar" file from the folder where you extracted the hotfix files.
  4. Click "Install".
  5. Click "Continue" after the upload process finished.
  6. Clear the browser cache.

Uninstalling

  1. Open the Deep Discovery Inspector web console.
  2. Go to Administration > Updates > Product Updates > Hot Fixes / Patches.
  3. Under History, click "Roll Back".
  4. Click "OK" when a confirmation message appears.

5. Post-installation Configuration

No post-installation steps are required.

NOTE: Trend Micro recommends updating the scan engine and virus pattern files immediately after installing the product.

6. Known Issues

There are no known issues for this Critical Patch release.

7. Release History

Prior Hotfixes

Only this Critical Patch was tested for this release. Prior hotfixes were tested at the time of their release.
Issue Hotfix 1162

The system may sometimes display the "500 Internal Server Error" error message when users try to access the Administration > System Settings > Network Interface screen in the web console.

Solution

This Hotfix resolves this issue.

Enhancement Hotfix 1159

This Hotfix removes weak ciphers in Deep Discovery Inspector to comply with the inclusion requirements for the Spanish National Cryptologic Center (CCN) STIC Products and Services Catalogue (CPSTIC).

Issue Hotfix 1158

The "Top 20 Threats detected by Virtual Analyzer" section in summary reports displays threats that were not actually detected by Virtual Analyzer.

Solution

This hotfix resolves this issue.

Issue Hotfix 1158

After resolving issue 1, the "Top 20 Threats detected by Virtual Analyzer" section in summary reports becomes the same as the "Top 10 Threats detected exclusively by Virtual Analyzer" section.

The only distinction between both sections is the number of records displayed—20 versus 10. The actual threats listed are the same.

Solution

Remove the "Top 10 Threats detected exclusively by Virtual Analyzer" from summary reports.

Issue Hotfix 1157

The following vulnerabilities affect Deep Discovery Inspector:

  • CVE-2023-0464
  • CVE-2023-0465
  • CVE-2023-0466
  • CVE-2023-2650

Solution

This hotfix updates the OpenSSL version included with Deep Discovery Inspector to fix the vulnerabilities.

Issue Hotfix 1156

The Dashboard widget "Malicious Scanned Network Traffic" displays traffic from the detection logs with the severity level set to "informational".

Solution

This hotfix resolves this issue.

Issue Hotfix 1156

When processing detection logs, an unexpected error might cause Deep Discovery Inspector to stop sending detection logs to the Threat Investigation Center.

Solution

This hotfix resolves the error and allows Deep Discovery Inspector to continue sending logs to the Threat Investigation Center.

Issue Hotfix 1151

When navigating to the Top Affected Hosts screen and clicking an affected host in the table, if the Monitored Network Group name contains a backslash ( \ ), the Host Details page does not display any information.

Solution

This hotfix resolves this issue.

Issue Hotfix 1150

Deep Discovery Inspector is sometimes unable to sync Network Groups from Deep Discovery Director.

Solution

This hotfix resolves the issue.

8. Contact Information

A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

9. About Trend Micro

Smart, simple, security that fits.

As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information.

Copyright 2023, Trend Micro Incorporated. All rights reserved.

Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex Central are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

10. License Agreement

View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

  • By selecting the "About" option in the application user interface
  • By referring to the "Legal" page of the Administrator's Guide
Back to Top