News

Vulnerability of the Agent provided by Host-based Security


Thank you for using Enterprise Cloud (ECL) service.

Trend Micro has confirmed the following vulnerabilities in the Agent provided by Host-based Security in ECL2.0.
Please upgrade the Agent in response to this vulnerability.

Summary

Vulnerability of search engine (CVE-2021-25252)

In an environment where the Anti-Malware function is used in Host-based Security, a vulnerability has been confirmed in the search engine used by the Agent for virus scanning. Scanning an attack file can effect running out of memory or system down.

Please refer to the following URL for details.
https://success.trendmicro.com/solution/000285675

Services

Host-based Security
– Managed Anti-Virus
– Managed Host-based Security Package
* Managed Host-based Security Package is for when using the Anti-Malware function.

Agent and engine versions that may be affected by the vulnerability

Deep Security Agent version less than 11.0.0-1841
Search engine 12.500.1004 or less
* This vulnerability covers all operating systems targeted for services.

Countermeasures

The latest version of Agent available in the Security Control Panel can be used.

Agent version:
– Deep Security Agent 11.0.0-1841 (as of 3 March 2021)

* This vulnerability is a search engine problem, but Deep Security recommends upgrading the Agent program.
* For the engine version, check the search engine confirmation method below.
* If the old Agent version has been updated to the fixed engine, it will not be affected by the vulnerability.
However, Agent strongly recommends upgrading the program.

Notes on Agent upgrade

Refer to the following URL for details on the Agent upgrade procedure.
https://ecl.ntt.com/en/documents/tutorials/security/rsts/security/operation/host-based_security/agent_upgrade_index.html

It may be necessary to restart the OS depending on your computer.
After the upgrade, check the Security Control Panel to confirm that the Agent upgrade is complete.
* If you are using an end-of-support version, we cannot respond to inquiries regarding upgrades.
* If you are using the end-of-support version, please uninstall the Agent, restart the OS, and reinstall with the latest version.

How to check the Agent version

https://ecl.ntt.com/en/documents/tutorials/security/rsts/security/operation/host-based_security/agent_upgrade_check.html

How to check the version of the search engine

1. Open the management console screen of Deep Security Manager, and double-click the computer to which the supported version is applied on the “Computer” screen.
2. Select “Update” in the left pane of the screen to check the version of “Advanced Threat Search Engine”.

 

Thank you.