Critical Patch 1755 resolves several vulnerabilities in SMEX 12.0 Patch 1 for SP1.
- Issue: SMEX 12.0 Patch 1 for SP1 communicates with the Active Update (AU) server by HTTP which is unencrypted.
Solution: This critical patch enables SMEX to communicate with the AU server by HTTPS by default.
To configure this feature:
- Install the critical patch.
- Open the Registry Editor.
- Locate the following key and set the appropriate values:
Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\CurrentVersion
"1" = (default) enables the solution
"0" = disables the solution
- Restart SMEX.
- Issue: A Cross-Site Request Forgery (CSRF) vulnerability in SMEX 12.0 Patch 1 for SP1 may allow remote attackers to submit a malicious request to the ScanMail server.
Solution: This critical patch resolves the CSRF vulnerability.
- Issue: A cross-site scripting (XSS) vulnerability in SMEX 12.0 Patch 1 for SP1 may enable attackers to inject client-side scripts into web pages viewed by other users.
Solution: This critical patch resolves the XSS vulnerability.
Install this critical patch only on computers protected by the latest SMEX 12.0 Patch 1 for SP1. Download the latest Service Pack and patch from Trend Micro Download Center.
Trend Micro recommends that you apply Critical Patch 1755 on SMEX 12.0 Patch 1 for SP1.
Download the corresponding Readme file for more information.