Wednesday, August 22, 2007

Trend Micro Customers: Patch Now - UPDATE


If you've been living under a rock the past couple of days and haven't seen the public disclosure(s) of several vulnerabilities in a couple of Trend Micro products, then please pay attention.

This first came to our attention over the course of the past two days, via the folks at iDefense:


Trend Micro SSAPI Long Path Buffer Overflow Vulnerability

Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability

Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities


In each case, Trend Micro has provided hotfixes for these vulnerabilities, but it appears that this information is not being propagated quickly enough to our customers.

Please follow the links above to find the appropriate hotfix for each of these vulnerabilities.

THIS IS IMPORTANT: It appears that there is increased activity on the Internet by hackers looking for ways to exploit at least one of these vulnerabilities. Details here & here.

PATCH NOW.

When more information becomes available, I will post it here or provide a link to the appropriate information.

- ferg


ObDisclosure: I work for Trend Micro, if you haven't figured that out by now. And we believe in appropriate responsibility and full disclosure.

UPDATE: 20:26 PDT: Trend Micro has posted additional technical details in obvious places. Start here.


UPDATE: 10:21 PDT, 23 August 2007: Yes, we are aware of this and we are investigating.
