Trend Micro, Inc. July 27, 2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ServerProtect(TM) 5.58 for Windows(TM) NT/2000/2003
Security Patch 4 - Build 1185
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Contents
===================================================================
1. Overview of this Security Patch Release
1.1 Files Included in this Release
2. What's New
3. Documentation Set
4. System Requirements
5. Installation
6. Post-installation Configuration
7. Known Issues
8. Release History
9. Contact Information
10. About Trend Micro
11. License Agreement
===================================================================
1. Overview of this Security Patch Release
========================================================================
This security patch addresses buffer overflow vulnerabilities in
ServerProtect modules "EarthAgent.exe", "eng50.dll", "StRpcSrv.dll",
and "StCommon.dll".
1.1 Files Included in This Release
=====================================================================
Module          File Name             Build No.
NT Server       admin.exe             5.58 build 1185
                adm_enu.dll           5.58 build 1185
                AgentClient.dll       5.58 build 1185
                AgRpcCln.dll          5.58 build 1185
                cert5.db
                ciussi32.dll          2.0 build 1026
                EarthAgent.exe        5.58 build 1185
                Eng50.dll             5.58 build 1185
                EventMsg2.dll         5.58 build 1185
                Logdb.dll             5.58 build 1185
                LogDbTool.dll         5.58 build 1185
                LogViewer.exe         5.58 build 1185
                LogMaster.dll         5.58 build 1185
                Notification.dll      5.58 build 1185
                Patch.exe             2.80 build 2014
                patchbld.dll          5.1.0.0
                Patchw32.dll          5.1.0.0
                ScanNow.exe           5.58 build 1185
                SpntSvc.exe           5.58 build 1185
                Spuninst.exe          5.58 build 1185
                StCommon.dll          5.58 build 1185
                StHotfix.exe          5.58 build 1185
                Stopp.exe             5.58 build 1185
                StRpcCln.dll          5.58 build 1185
                StRpcSrv.dll          5.58 build 1185
                StUpdate.exe          5.58 build 1185
                TmEng.dll             6.80 build 1034
                Tmnotify.dll          1.0 build 1185
                Tmopp.dll             5.58 build 1063
                TmRpcSrv.dll          5.58 build 1185
                Tmupdate.dll          2.80 build 2014
                SP5NSLST.ini
                TSC.ini
                x500.db
                hotfix.ini
                tmsp.mib
NetWare Server  lprotect.nlm          5.58 build 1185
                pscan.nlm             5.58 build 1185
CM Agent Files  EN_Utility.dll        1.0 build 1355
                Entitymain.exe        1.0 build 1367
                LibEN_CM.dll          1.0 build 1364
                libEN_Logger.dll      1.0 build 1367
                libEN_Product.dll     2.52 build 1053
                xerces-c_1_7_0.dll    1.7
2. What's New
========================================================================
This security patch addresses buffer overflow issues for the
following RPC function calls:
- RPC call to function RPCFN_CMON_SetSvcImpersonateUser (in module
stcommon.dll)
- RPC call to function RPCFN_OldCMON_SetSvcImpersonateUser (in
module stcommon.dll)
- RPC call to function RPCFN_EVENTBACK_DoHotFix (in module
earthagent.exe)
- RPC call to function CMD_CHANGE_AGENT_REGISTER_INFO (in module
earthagent.exe)
- RPC call to function RPCFN_ENG_TakeActionOnAFile (in module
eng50.dll)
- RPC call to function RPCFN_ENG_AddTaskExportLogItem (in module
eng50.dll)
- RPC call to function RPCFN_ENG_TimedNewManualScan (in module
StRpcSrv.dll)
- RPC call to function RPCFN_SYNC_TASK (in module StRpcSrv.dll)
- RPC call to function RPCFN_SetComputerName (in module
StRpcSrv.dll)
- RPC call to function RPCFN_ENG_NewManualScan (in module
StRpcSrv.dll)
- RPC call to function NTF_SetPagerNotifyConfig (in module
Notification.dll)
3. Documentation Set
========================================================================
o Readme.txt -- basic installation, known issues
Electronic versions of the printed manuals are available at:
http://www.trendmicro.com/download
4. System Requirements
========================================================================
There are no special requirements for installing this security patch.
5. Installation
========================================================================
To install this security patch:
1. Copy the file "spnt_558_win_en_securitypatch4.exe" to a temporary
folder on the ServerProtect Information Server.
2. Ensure that the ServerProtect Management console is not open.
3. Open "spnt_558_win_en_securitypatch4.exe" and follow the
instructions to install the patch. The Information Server will
deploy the patch to NT Normal Servers 30 seconds after the
installation is complete, and then it will restart the
ServerProtect services.
Note: If the installation does not complete successfully, review the
file "TMPatch.log" in the system root folder before contacting
technical support.
To roll back to the previous build:
1. Before you can roll back, run the following shell commands to stop
all ServerProtect services:
    net stop spntsvc
    net stop earthagent
    net stop "TrendMicro Infrastructure"
2. You can find the backup files with the file extension "bak" in the
ServerProtect home directory. To roll back, rename the backup files
and use them to replace the current files.
3. After the rollback, run the following commands to start the
ServerProtect services:
    net start spntsvc
    net start earthagent
    net start "TrendMicro Infrastructure"
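A per-server check to run after the installation or a rollback, given here as an added example and not part of Trend Micro's readme or tooling: it reports whether the modules this readme names as fixed are at build 1185, counts the "bak" files available for rollback, and shows the state of the three services. The home directory path is a placeholder, and the script assumes the build number appears in one of the numeric fields of each file's version resource.

```powershell
# Added example (not Trend Micro code): check one server after Security Patch 4.
param(
    # Assumption: placeholder; set to the ServerProtect home directory.
    [string]$HomeDir = 'C:\Path\To\ServerProtect'
)

$expectedBuild = 1185
# Modules named in sections 1 and 2 of this readme, all listed at build 1185.
$modules = 'EarthAgent.exe', 'Eng50.dll', 'StRpcSrv.dll', 'StCommon.dll', 'Notification.dll'

$fileReport = foreach ($name in $modules) {
    $path = Join-Path $HomeDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $name; Version = $null; Status = 'MISSING' }
        continue
    }
    $vi = (Get-Item -LiteralPath $path).VersionInfo
    # Assumption: the build number is stored in one of the four numeric
    # fields of the file version resource.
    $parts = $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $status = if ($parts -contains $expectedBuild) { 'OK' } else { 'NOT AT BUILD 1185' }
    [pscustomobject]@{ File = $name; Version = ($parts -join '.'); Status = $status }
}
$fileReport | Format-Table -AutoSize

# The readme says backup files with the extension "bak" are kept in the
# home directory; these are what a rollback restores.
$backups = @(Get-ChildItem -LiteralPath $HomeDir -Filter '*.bak' -ErrorAction SilentlyContinue)
"Backup (.bak) files present: $($backups.Count)"

# Services from the rollback steps. "net stop/start" accepts either the
# service name or the display name, so match on both.
$wanted = 'spntsvc', 'earthagent', 'TrendMicro Infrastructure'
Get-Service |
    Where-Object { $wanted -contains $_.Name -or $wanted -contains $_.DisplayName } |
    Format-Table Name, DisplayName, Status -AutoSize

# Non-zero exit code if any module is missing or not at the expected build.
if ($fileReport | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Run it on the Information Server and on each Normal Server; a non-zero exit code marks a server where the deployment did not reach every fixed module.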
6. Post-installation Configuration
========================================================================
No post-installation configuration is needed for this patch.
Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing this patch.
7. Known Issues
========================================================================
This release has the following known issues:
7.1 You must close the Management Console before applying this patch.
Otherwise, the patch installation will not be successful.
7.2 You cannot install the ServerProtect Normal Server and an
OfficeScan(TM) client on the same computer.
7.3 After this patch is applied, the pattern update progress bar may
not accurately reflect the actual progress.
8. Release History
========================================================================
See the following Web site for more information about updates to
this product:
http://www.trendmicro.com/download
9. Contact Information
========================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, Maintenance must be renewed on an annual basis at Trend Micro's
then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us
at:
http://www.trendmicro.com
Evaluation copies of Trend Micro products can be downloaded from our
Web site.
Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region, Australia
and New Zealand, Europe, Latin America, and Canada, refer to:
http://www.trendmicro.com/en/about/overview.htm
The Trend Micro "About Us" screen displays. Click the appropriate
link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
10. About Trend Micro
========================================================================
Trend Micro, Inc. provides virus protection, anti-spam, and
content-filtering security products and services. Trend Micro allows
companies worldwide to stop viruses and other malicious code from a
central point before they can reach the desktop.
Copyright 2007, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, ServerProtect, and OfficeScan are
trademarks of Trend Micro Incorporated and are registered in some
jurisdictions. All other marks are the trademarks or registered
trademarks of their respective companies.
11. License Agreement
========================================================================
Information about your license agreement with Trend Micro can be
viewed at:
http://www.trendmicro.com/en/purchase/license/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user
interface
- By referring to the "Legal" page of the Getting Started Guide or
Administrator's Guide