Channel Register

Original URL: http://www.channelregister.co.uk/2007/08/23/trend_micro_vuln_scanning/

Hackers prowl for Trend Micro vuln

By John Leyden
Published Thursday 23rd August 2007 11:45 GMT

Hackers have begun actively scanning for recently announced vulnerabilities in Trend Micro's ServerProtect product.

Security watchers at the Internet Storm Centre (ISC) have noted a huge upsurge of traffic on TCP port 5168, associated with security bugs (http://secunia.com/advisories/26523) in ServerProtect (an enterprise software product designed to protect servers and storage attacks).

Flaws in the application create a means for miscreants to load malware onto vulnerable systems. Fortunately, Trend Micro has published software updates designed to plug the security hole.

ServerProtect for Windows version 5.58 Build 1176 is known to be vulnerable, but other versions may also be flawed. Trend advises (http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt) users to update to Build 1185.

Sys admins are advised to patch up vulnerable systems or run the risk of dealing with compromised machines. "It looks likes machines are getting owned with this vulnerability," ISC warned (http://isc.sans.org/diary.html?storyid=3306) on Wednesday.

More information on the vulns can be found in advisories from security tools vendor ISS, which discovered the majority of the vulnerabilities, here (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=587) and here (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=588). ®

© Copyright 2008