
Trend Micro OfficeScan 8.0 Windows 7 Support

January 26th, 2010 | 2 Comments | Posted in Security, Software, Trend Micro

With the newest patch, OfficeScan 8.0 supports Windows 7.

This is Trend Micro OfficeScan 8.0 SP1 Patch 5

Full readme can be found here:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch5_en_readme.txt

It’s important to note that only the following drivers are compatible with Windows 7:

Virus Scan Engine (8.952 or higher)
Virus Cleanup Engine (6.2.1016 or higher)
Anti-rootkit Driver (2.8.1063 or higher)
Common Firewall Driver (NSC) (5.8.1092 or higher)

Virus Scan Engine and Virus Cleanup Engine can be updated from the Active Update server.

Anti-rootkit Driver and the Common Firewall Driver (NSC) are included in this patch.

I haven’t had time to test if this actually works on Windows 7. If anyone has, please feel free to leave a comment. I will test it as soon as I can.


0-day SMB remote exploit in Windows 7 and Windows Server 2008 R2

November 13th, 2009 | No Comments | Posted in Security, Windows

There is a new 0-day remote exploit available for Windows 7 and Windows Server 2008 R2.
This only works on R2 of Windows Server, but it works even with all the latest patches applied.

Exploiting the vulnerability crashes the system. This is done by sending a NetBIOS header that specifies that the SMB packet is 1, 2 or 4 bytes larger or smaller than it actually is.

When the system crashes, there is no BSOD; the system simply freezes. There are no traces in the event logs (after reboot).

When the system receives the packet, it goes into an infinite loop.

The crash itself happens in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() (which is caused by an infinite loop).

The vulnerability could possibly be exploited through IE.

And the proof of concept works by:

1. Running the python code on a *nix box, and ensuring port 445 is open.
2. Connecting through SMB to the *nix box.

Read more:
http://isc.sans.org/diary.html?storyid=7573
http://blog.trendmicro.com/new-smb-zero-day-exploit/
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html
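
For detection, the length mismatch described above can be checked by comparing the length announced in the session header with the length the SMB message implies through its own fields. The following is an added example, not code from the original post or from the linked write-ups; it assumes SMB1 framing as seen on TCP/445 (a zero type byte plus a 24-bit length), one non-chained message per frame, and constructed sample frames rather than real captures.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB1_HEADER_LEN = 32  # fixed-size SMB1 header

def declared_length(frame: bytes) -> int:
    """Length announced by the 4-byte session header (type 0x00 + 24-bit big-endian length)."""
    if len(frame) < 4 or frame[0] != 0x00:
        raise ValueError("not a session message")
    return int.from_bytes(frame[1:4], "big")

def structural_length(smb: bytes) -> int:
    """Length implied by the SMB1 message itself: header, WordCount, words, ByteCount, bytes."""
    if len(smb) < SMB1_HEADER_LEN + 3 or smb[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    word_count = smb[SMB1_HEADER_LEN]
    bc_off = SMB1_HEADER_LEN + 1 + 2 * word_count
    if len(smb) < bc_off + 2:
        raise ValueError("truncated before ByteCount")
    (byte_count,) = struct.unpack_from("<H", smb, bc_off)
    return bc_off + 2 + byte_count

def length_mismatch(frame: bytes) -> int:
    """Declared minus structural length; 0 means the header matches the message."""
    return declared_length(frame) - structural_length(frame[4:])

def verdict(frame: bytes) -> str:
    """One-line result for a frame, suitable for a log or alert."""
    try:
        diff = length_mismatch(frame)
    except ValueError as exc:
        return f"unparsed ({exc})"
    if diff == 0:
        return "ok"
    note = " (offset named in the post)" if abs(diff) in (1, 2, 4) else ""
    return f"ALERT: header length off by {diff:+d}{note}"

# Constructed sample body: 32-byte header, WordCount=1, one word, ByteCount=3, 3 data bytes.
_BODY = SMB1_MAGIC + bytes(28) + b"\x01" + b"\x00\x00" + struct.pack("<H", 3) + b"abc"

def sample(delta: int) -> bytes:
    """Constructed test frame whose session header is off by `delta` bytes."""
    return b"\x00" + (len(_BODY) + delta).to_bytes(3, "big") + _BODY

if __name__ == "__main__":
    for delta in (0, 4, -2, 7):
        print(f"delta {delta:+d}: {verdict(sample(delta))}")
```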


Windows 7 RC1 and Trend Micro OfficeScan 10

May 18th, 2009 | 12 Comments | Posted in Security, Software

Don’t try it. It will install. But it slows the system down. Really, it took me 25 minutes to log in. 10 minutes to just write the password.

I will try to find a workaround and share it. If anyone finds a solution, feel free to leave a comment!
