[Mise à jour, 24 juin 2022 @17h49] Reached by telephone, Nourfedin Zejnulahi, technical director of Trend Micro France, reviews the chronology of events. The first incidents were reported to the publisher’s French support at midday, this Tuesday, June 21. Three hospitals were involved. The publisher’s local teams began to approach the affected customers, while the “Critical Account Team” was mobilized. The experience of the teams in Asia, concerned a few hours earlier, made it possible to understand how the situation was going to develop in Europe. Above all, initial resolution measures have been proposed.
A corrective update to behavioral models was made available around 6 p.m. Less than an hour later, the first positive feedback from customers able to deploy it via Apex Central reached Trend Micro. For a majority of customers, the situation was almost resolved. However, she continued to be monitored on Wednesday June 22.
But things turned out to be more complex for some customers, notably 4 in France, out of the ten companies affected. This is where the efforts had to be concentrated. Because these customers were in configurations for which support had previously been stopped.
QA teams hadn’t incorporated them into their testing protocols before pushing the first update to the behavioral models. And in some cases, the recommended corrective action of disabling behavioral monitoring was not even applicable. In addition to systems running Windows 7 32-bit, issues have also been observed with some rugged systems running Windows 8.
Today, one of the key questions for affected customers is their ability to migrate to supported configurations.
[Article original, 24 juin 2022 @15h46] This Tuesday, June 21, 2022, a person working in a university hospital center in Vendée reported a large computer failure, on social networks.
Our colleagues from West France evoked the incident a few hours later, reporting “hundreds of computers” having experienced “failures” at the Nantes University Hospital Center (CHU). Contacted, the management of the CHU recognized “computer problems” having “caused malfunctions in various services”.
According to a publication on the CHU’s Facebook page, the “telephone switchboard and admissions services” were operating “in slow motion”.
Some comments provide details on the situation experienced by the staff of the Nantes University Hospital: all workstations under Windows 7, including biomedical equipment, have been affected and rendered unusable. But nothing attributable to the IT teams of the CHU: the incident would have been caused by the antivirus installed. This one is not named in the comments.
Separate sources, however, have confirmed the origin of the incident: the Trend Micro antivirus. According to these, the CERT Santé was mobilized to deal with a problem that was far from being confined to the CHU Nantes. Comparable situations have notably been observed across the Rhine. IT specialist author Günter Born echoed this in a blog post.
Trend Micro has released an advisory about the issue. In it, the publisher explains that it affects the protection agents for Apex One and Worry-Free Business Security workstations and servers. It is Windows 7 32-bit workstations that are affected, and more specifically those for which the behavioral monitoring function is activated: the 1,237,000 update of the behavioral models has proven to be problematic. Affected workstations unexpectedly rebooted immediately after logging on, citing a critical error.
A version 1,238,000 of these patterns, the Behavior Monitoring Configuration Pattern file, correcting the problem, was made available on Trend Micro’s update servers as of June 22.
The publisher thus reacted quickly even though it no longer supports Windows 7 and Windows 2008 R2 for its Worry-Free Business Security On-Premise offer (Standard and Advanced editions) since June 22, 2021. Installation and use are still possible since this date, but “the contents of the June 2021 patch and future versions will not be deployed to the security agent on machines running these operating systems”.
We have sent a request for comment to Trend Micro. This article will be updated when these reach us.