Trend Micro released a patch, build 2178, for Worry Free Business Security version 10.0 Service Pack 1 on October 26, 2019. The patch is supposed to close a 0-day vulnerability in the web console.
Thanks to blog reader Tom B., who sent me a short e-mail. According to the readme file, the patch contains fixes for issues that became known after installation of the Worry-Free Business Security 10.0 Service Pack 1 release. Under the resolved known issues, Trend Micro writes:
2.2 Resolved Known Issues
======================================================
This critical patch resolves the following issue:
Issue: A possible zero-day vulnerability may allow an attacker
to bypass unauthorized log-on protection and launch a
Path Traversal Attack on the Worry-Free Business Security
web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This critical patch updates the Worry-Free Business
Security server program to remove the vulnerability.
So Trend Micro Worry Free Business Security version 10.0 Service Pack 1 may contain a 0-day vulnerability that allows an attacker to bypass logon and perform a path traversal attack on the TM WFBS web console. Trend Micro recommends that users install Patch 2178 immediately. You can download the WFBS_100_SP1_WIN_ALL_Patch_2178.exe file from the Product Patch tab on this Trend Micro page.
Hi, we installed this latest patch and have noticed on every computer it is detecting between 80 and 100 pieces of spyware (all the same). I'm pretty sure they are false positives as we are seeing no issues with any of the PCs and all the pieces of spyware are ranging between around 2003 and 2012 – so it's not like they are new instances of spyware. Has anyone else noticed this?
Hi,
Same problem here, between 50 and 100 spyware detections on most clients. Very bizarre, the detected registry entries didn't even exist before the scan, nor after the scan.
Regards,
Calvin
Hi Calvin,
Is it the following by any chance?
Adware_180Solutions.SearchAssistant
Adware_180Solutions.Zango
Adware_2020Search
Adware_2Search
Adware_3721
Adware_ABetterInternet
Adware_Adbars
Adware_AdClicker
Adware_Adplus
Adware_Adtomi
Adware_Alexa
Adware_AlwaysUpdatedNews
Adware_Begin2Search
Adware_BestCode
Adware_BHJK_PeopleOnPage
Adware_BHJK_RealSearch
Adware_BHO_AdLight
Adware_BHO_EngageSidebar
Adware_BHO_SearchMeta
Adware_BHOT_AzeSearch
Adware_BHOT_E-Ventures
Adware_BHOT_HDTToolbar
Adware_BHOT_ImyonBar
Adware_BHOT_Mirar
Adware_BHOT_PushToolBar
Adware_BHOT_StartNow
Adware_BikiniDesk
Adware_Bonzi
Adware_Caishow
Adware_CommonComponents
Adware_Dailybar
Adware_Dealhelper
Adware_DigitalNames
Adware_DoDoor
Adware_DotComBar
Adware_Elitebar
Adware_ExactAdvertising
Adware_Gain
Adware_HotOffers
Adware_IBIS.WebSearch
Adware_IEplugin
Adware_IstBar
Adware_IWantSearch
Adware_Look2Me
Adware_Lop
Adware_MaxSearch
Adware_MediaMotor
Adware_Mokead
Adware_NewDotNet
Adware_SafeSurf
Adware_SaveNow
Adware_SearchAid
Adware_SideSearch
Adware_Softomate
Adware_StatBlast
Adware_Superlogy
Adware_SystemSave
Adware_TOPicks
Adware_TotalVelocity
Adware_Virtumundo
Adware_WinAd
Adware_WindUpdates
Adware_WindUpdates.MediaTickets
Adware_YourSiteBar
Cookie_Advertising
Cookie_Atwola
Cookie_DoubleClick
Cookie_LinkSynergy
Cookie_Mediaplex
Cookie_Profiling
Dialer_259
Dialer_ContentCall
Dialer_Coulomb
Dialer_Dialxs
Dialer_MatrixTechnology
Dialer_PornDial
Dialer_Tibs
Downloader_Agent
Downloader_Hidd
Downloader_MicrogamingSoftware
Downloader_Small
Downloader_Zlob
Freeloader_ErrorGuard
Freeloader_ErrorSafe
Freeloader_WinAntiSpyware
Freeloader_WinFixer
HackingTools_Delf
PUA.Win32.FusionCore.SMBD
Spyware_KEYL_Asklog
Spyware_KEYL_GoldEye
Spyware_KEYL_GotYourStrokes
Spyware_KEYL_PerfectKeylogger
Spyware_KEYL_SoftDD.PCSpy
Spyware_KEYL_XSoftware.227
Spyware_TRAK_DesktopSpyAgent
Spyware_TRAK_EBlaster
Spyware_TRAK_Hslablog
Spyware_TRAK_Odin.A
Spyware_TRAK_PCTattleTale
Spyware_TRAK_Sfyklg.A
Spyware_TRAK_Spector
Spyware_TRAK_TrueActive
Spyware_TRAK_Visage
Spyware_TRAK_Wiretap.B
Thanks,
Matthew
Hi Matthew.
Yes, the same types for me.
Best.
Alessandro
Hi Matthew.
Yes, the same problem here.
Now on every computer it is detecting around 530 spyware items on every manual scan (the same spyware items on all the clients).
Moreover, after the patch the clients can't update themselves (network/proxy error): after the rollback the clients can update themselves, but they detect the 530 spyware items (because the patch on the client remains 2178).
Thank you.
Best.
Alessandro
Hi Alessandro,
I'm glad to hear someone else is having the same issue – it's not nice to log into Trend to see tens of thousands of spyware detections – especially on our servers. We've spent hours on this to try to confirm they were false positives as Trend wasn't confirming there were known issues.
Thanks,
Matthew
But yeah – it's detecting 524 on each machine – but then groups them together to something like 80.
Hi Matthew.
Moreover, after the patch the clients can't update the patterns (the updates fail with network/proxy error).
Thank you.
Best.
Alessandro
See my blog post Trend Micro WFBS 10.0 SP1: Patch Build 2178 reports Spyware from today.
2179 has been released….