Trend Micro WFBS 10.0 SP1: Patch Build 2178 released

[German]Trend Micro has released a patch with build 2178 for its Worry Free Business Security version 10.0 Service Pack 1 on October 26, 2019. This patch is supposed to close a 0-day vulnerability in the web console.


Advertising

Blog reader Tom B. thankfully sent me a short e-mail. The readme file states that the patch contains solutions to known issues that became known after the installation of the Worry-Free Business Security 10.0 Service Pack 1 release. Among the known issues Trend Micro writes:

2.2 Resolved Known Issues
     ======================================================
     This critical patch resolves the following issue:
    
     Issue: A possible zero-day vulnerability may allow an attacker 
               to bypass unauthorized log-on protection and launch a 
               Path Traversal Attack on the Worry-Free Business Security
               web console.
               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Solution: This critical patch updates the Worry-Free Business
               Security server program to remove the vulnerability.

So in Trend MicroWorry Free Business Security version 10.0 Service Pack 1, there may be a 0-day vulnerability that allows an attacker to bypass logon and perform a path traversal attack on the TM WFBS Web console. Trend Micro recommends that users install Patch 2178 immediately. You can download the WFBS_100_SP1_WIN_ALL_Patch_2178.exe file from the Product Patch tab on this Trend Micro page.


Advertising


This entry was posted in Security, Software, Update and tagged , , . Bookmark the permalink.

10 Responses to Trend Micro WFBS 10.0 SP1: Patch Build 2178 released

  1. Matthew Warburton says:

    Hi, we installed this latest patch and have noticed on every computer it is detecting between 80 and 100 pieces of spyware (all the same). I’m pretty sure they are false positives as we are seeing no issues with any of the PCs and all the pieces of spyware are ranging between around 2003 and 2012 – so it’s not like they are new instances of spyware. Has anyone else noticed this?

    • Calvin says:

      Hi,

      Same problem here, between 50 and 100 spyware detections on most clients. Very bizarre, the detected registry entries didn’t even exist before the scan, nor after the scan.

      Regards,
      Calvin

      • Matthew Warburton says:

        Hi Calvin,

        Is it the following by any chance?

        Adware_180Solutions.SearchAssistant
        Adware_180Solutions.Zango
        Adware_2020Search
        Adware_2Search
        Adware_3721
        Adware_ABetterInternet
        Adware_Adbars
        Adware_AdClicker
        Adware_Adplus
        Adware_Adtomi
        Adware_Alexa
        Adware_AlwaysUpdatedNews
        Adware_Begin2Search
        Adware_BestCode
        Adware_BHJK_PeopleOnPage
        Adware_BHJK_RealSearch
        Adware_BHO_AdLight
        Adware_BHO_EngageSidebar
        Adware_BHO_SearchMeta
        Adware_BHOT_AzeSearch
        Adware_BHOT_E-Ventures
        Adware_BHOT_HDTToolbar
        Adware_BHOT_ImyonBar
        Adware_BHOT_Mirar
        Adware_BHOT_PushToolBar
        Adware_BHOT_StartNow
        Adware_BikiniDesk
        Adware_Bonzi
        Adware_Caishow
        Adware_CommonComponents
        Adware_Dailybar
        Adware_Dealhelper
        Adware_DigitalNames
        Adware_DoDoor
        Adware_DotComBar
        Adware_Elitebar
        Adware_ExactAdvertising
        Adware_Gain
        Adware_HotOffers
        Adware_IBIS.WebSearch
        Adware_IEplugin
        Adware_IstBar
        Adware_IWantSearch
        Adware_Look2Me
        Adware_Lop
        Adware_MaxSearch
        Adware_MediaMotor
        Adware_Mokead
        Adware_NewDotNet
        Adware_SafeSurf
        Adware_SaveNow
        Adware_SearchAid
        Adware_SideSearch
        Adware_Softomate
        Adware_StatBlast
        Adware_Superlogy
        Adware_SystemSave
        Adware_TOPicks
        Adware_TotalVelocity
        Adware_Virtumundo
        Adware_WinAd
        Adware_WindUpdates
        Adware_WindUpdates.MediaTickets
        Adware_YourSiteBar
        Cookie_Advertising
        Cookie_Atwola
        Cookie_DoubleClick
        Cookie_LinkSynergy
        Cookie_Mediaplex
        Cookie_Profiling
        Dialer_259
        Dialer_ContentCall
        Dialer_Coulomb
        Dialer_Dialxs
        Dialer_MatrixTechnology
        Dialer_PornDial
        Dialer_Tibs
        Downloader_Agent
        Downloader_Hidd
        Downloader_MicrogamingSoftware
        Downloader_Small
        Downloader_Zlob
        Freeloader_ErrorGuard
        Freeloader_ErrorSafe
        Freeloader_WinAntiSpyware
        Freeloader_WinFixer
        HackingTools_Delf
        PUA.Win32.FusionCore.SMBD
        Spyware_KEYL_Asklog
        Spyware_KEYL_GoldEye
        Spyware_KEYL_GotYourStrokes
        Spyware_KEYL_PerfectKeylogger
        Spyware_KEYL_SoftDD.PCSpy
        Spyware_KEYL_XSoftware.227
        Spyware_TRAK_DesktopSpyAgent
        Spyware_TRAK_EBlaster
        Spyware_TRAK_Hslablog
        Spyware_TRAK_Odin.A
        Spyware_TRAK_PCTattleTale
        Spyware_TRAK_Sfyklg.A
        Spyware_TRAK_Spector
        Spyware_TRAK_TrueActive
        Spyware_TRAK_Visage
        Spyware_TRAK_Wiretap.B

        Thanks,
        Matthew

  2. Alessandro says:

    Hi Matthew.

    Yes, the same problem here.

    Now on every computer it is detecting around 530 spywares every manual scan (the same spywares on all the clients).
    Moreover, after the patch the clients can’t update theirselves (network/proxy error): after the rollback the clients can update theirselves, but they detect the 530 spywares (because the patch on the client remain the 2178).

    Thank you.
    Best.
    Alessandro

    • Matthew Warburton says:

      Hi Alessandro,

      I’m glad to hear someone else is having the same issue – it’s not nice to log into Trend to see tens of thousands of sypware detections – especially on our servers. We’ve spent hours on this to try confirm they were false positives as Trend wasn’t confirming there were known issues.

      Thanks,
      Matthew

    • Matthew Warburton says:

      But yeah – it’s detecting 524 on each machine – but then groups them together to something like 80.

  3. Alessandro says:

    Hi Matthew.

    Moreover, after the patch the clients can’t update the patterns (the updates fail with network/proxy error).

    Thank you.
    Best.
    Alessandro

  4. Advertising

  5. Matthew Warburton says:

    2179 has been released….

Leave a Reply

Your email address will not be published. Required fields are marked *