------=_Part_2268_32906552.1146245272199
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
EMC Insignia has released an update to Retrospect 6.5 and 7.0 Windows to
address a recently identified security vulnerability. Details on these
updates and download links can be found at the following URL:
http://kb.dantz.com/article.asp?article=3D9507&p=3D2
These security updates are also included in the latest version of the
Retrospect 7.5 Driver Update released a few weeks ago via the automatic
updates feature found in version 7.5.
=3D=3D=3D http://kb.dantz.com/article.asp?article=3D9507&p=3D2 =3D=3D=3D
* EMC Retrospect Application Local Access Vulnerability:*
If an unauthorized person gets access to the backup server, they can launch
Retrospect and take advantage of the fact that Retrospect runs with
administrator privileges by using the File>Open command within Retrospect t=
o
run an executable, which will execute with all the privileges of Retrospect=
,
creating a local security risk.
*EMC Retrospect Application Launcher Service Vulnerability:*
If an unauthorized user replaces the Retrospect.exe executable with another
application which has the name Retrospect.exe the launcher will launch it
and run it with System account privileges (or whatever is specified in the
RBU).
*Vulnerability Fixes:*
These problems have been resolved in the latest updates to the Retrospect
Application for Windows versions 7.5, 7.0 and 6.5 software. All customers
who use Retrospect Software versions 6.5, 7.0 or 7.5 are encouraged to
download and install the latest Retrospect updates.
* Retrospect 7.5 Users:*
The above security issues are fixed in Retrospect Driver Update
7.5.1.105<http://ftp.dantz.com/pub/updates/ru751105.exe>.
Users of the Retrospect 7.5 Automatic Updates feature will automatically be
asked if they would like to download and install this update. The above lin=
k
can also be used to download the update installer.
* Retrospect and Retrospect Express 7.0 Users:*
Before you download and install the 7.0.344 Application Security
Update<http://download.dantz.com/archives/Retro-EN_7_0_344.exe>to fix
the above issues you must make sure that Retrospect
7.0.326 <http://download.dantz.com/direct/retrospect-en-7.0.326.exe> or
Retrospect Express 7.0.301 or later has already been installed on your
computer.
You can identify the version of Retrospect you currently have installed by
checking "About Retrospect" from the Retrospect Help menu.
* Retrospect 6.5 and Retrospect Express Users:*
Before you download and install the 6.5.382 Application Security
Update<http://download.dantz.com/archives/Retro-EN_6_5_382.exe>to fix
thee above issues you must make sure that Retrospect
6.5.350<http://www.dantz.com/en/download.dtml?category=3Dapplication&platfo=
rm=3Dwindows&language=3Den&version=3D6.5.350>or
Retrospect Express
6.5.350 has already been installed on your computer.
You can identify the version of Retrospect you currently have installed by
checking "About Retrospect" from the Retrospect Help menu.
*Localized versions of Retrospect*
Download links for non-english versions of Retrospect can be found on the E=
MC
Insignia Downloads <http://www.emcinsignia.com/supportupdates/updates/> pag=
e
for your language.
*Credit:*
Thank you to Joe Luna for reporting this issue.
------=_Part_2268_32906552.1146245272199
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
EMC Insignia has released an update to Retrospect 6.5 and 7.0 Windows
to address a recently identified security vulnerability. Details on
these updates and download links can be found at the following URL: <a href=
=3D"http://kb.dantz.com/article.asp?article=3D9507&p=3D2" target=3D"_bl=
ank" onclick=3D"return top.js.OpenExtLink(window,event,this)">
http://kb.dantz.com/article.asp?article=3D9507&p=3D2</a><br><br>These
security updates are also included in the latest version of the
Retrospect 7.5 Driver Update released a few weeks ago via the automatic
updates feature found in version 7.5.<br><br>=3D=3D=3D <a href=3D"http://kb=
.dantz.com/article.asp?article=3D9507&p=3D2" target=3D"_blank" onclick=
=3D"return top.js.OpenExtLink(window,event,this)">http://kb.dantz.com/artic=
le.asp?article=3D9507&p=3D2
</a> =3D=3D=3D<br><br><b>
<span style=3D"font-family: Verdana;"><font size=3D"1">EMC Retrospect=
=20
Application Local Access Vulnerability:</font></span></b>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<span style=3D"font-family: Verdana;"><font size=3D"1">If an unauthor=
ized=20
person gets access to the backup server, they can launch Retrospect a=
nd=20
take advantage of the fact that Retrospect runs with administrator=20
privileges by using the File>Open command within Retrospect to run=
an=20
executable, which will execute with all the privileges of Retrospect,=
=20
creating a local security risk. </font></span></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<span style=3D"font-family: Verdana;"><font size=3D"1"> </font><=
/span></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<b><span style=3D"font-family: Verdana;"><font size=3D"1">EMC Retrosp=
ect=20
Application Launcher Service Vulnerability:</font></span></b></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<span style=3D"font-family: Verdana;"><font size=3D"1">If an unauthor=
ized user=20
replaces the Retrospect.exe executable with another application which=
has=20
the name Retrospect.exe the launcher will launch it and run it with S=
ystem=20
account privileges (or whatever is specified in the RBU). </font></sp=
an>
</p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">&nbs=
p;</p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;">
<b><span style=3D"font-family: Verdana;"><font size=3D"1">Vulnerabili=
ty Fixes:</font></span></b></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;">
<span style=3D"font-family: Verdana;"><font size=3D"1">These problems=
have been=20
resolved in the latest updates to the Retrospect Application for Wind=
ows=20
versions 7.5, 7.0 and 6.5 software. All customers who use Retrospect=
=20
Software versions 6.5, 7.0 or 7.5 are encouraged to download and inst=
all=20
the latest Retrospect updates.</font></span></p>
=20
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;"> <br></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;">
<span style=3D"font-family: Verdana;"><b><font style=3D"font-size: 9p=
t;">
Retrospect 7.5 Users:</font></b></span></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;">
<span style=3D"font-family: Verdana;">The above security issues are f=
ixed in
<a href=3D"http://ftp.dantz.com/pub/updates/ru751105.exe" target=3D"_=
blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">Retrospect =
Driver=20
Update 7.5.1.105</a>. Users of the Retrospect 7.5 Automatic Updates=
=20
feature will automatically be asked if they would like to download an=
d=20
install this update. The above link can also be used to download the=
=20
update installer.</span></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;"> </p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left"><b>
<font style=3D"font-size: 9pt;" face=3D"Verdana">Retrospect and Retro=
spect=20
Express 7.0 Users:</font></b></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<font face=3D"Verdana">Before you download and install the
<a href=3D"http://download.dantz.com/archives/Retro-EN_7_0_344.exe" t=
arget=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">7=
.0.344=20
Application Security Update</a> to fix the above issues you must make=
sure=20
that <a href=3D"http://download.dantz.com/direct/retrospect-en-7.0.32=
6.exe" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,=
this)">
Retrospect 7.0.326</a> or Retrospect Express 7.0.301 or later has alr=
eady been installed on your computer.</font></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">&nbs=
p;</p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<font face=3D"Verdana">You can identify the version of Retrospect you=
=20
currently have installed by checking "About Retrospect" fro=
m the=20
Retrospect Help menu.</font></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">&nbs=
p;</p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left"><b>
<font style=3D"font-size: 9pt;" face=3D"Verdana">Retrospect 6.5 and R=
etrospect=20
Express Users:</font></b></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<font face=3D"Verdana">Before you download and install the
<a href=3D"http://download.dantz.com/archives/Retro-EN_6_5_382.exe" t=
arget=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">6=
.5.382=20
Application Security Update</a> to fix thee above issues you must mak=
e=20
sure that
<a href=3D"http://www.dantz.com/en/download.dtml?category=3Dapplicati=
on&platform=3Dwindows&language=3Den&version=3D6.5.350" target=
=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">
Retrospect 6.5.350</a> or Retrospect Express 6.5.350 has already been=
installed on your computer.</font></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">&nbs=
p;</p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<font face=3D"Verdana">You can identify the version of Retrospect you=
=20
currently have installed by checking "About Retrospect" fro=
m the=20
Retrospect Help menu.</font></p><p style=3D"margin-top: 0pt; margin-b=
ottom: 0pt;" align=3D"left"><br></p><p style=3D"margin-top: 0pt; margin-bot=
tom: 0pt;" align=3D"left"><b>Localized=20
versions of Retrospect</b></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">
<font face=3D"Verdana">Download links for non-english versions of Ret=
rospect=20
can be found on the
<a href=3D"http://www.emcinsignia.com/supportupdates/updates/" target=
=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">
EMC Insignia Downloads</a> page for your language.</font></p>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;" align=3D"left">&nbs=
p;</p><b><span style=3D"font-family: Verdana;"><font style=3D"font-size: 9p=
t;">Credit:</font></span></b>
<p style=3D"margin-top: 0pt; margin-bottom: 0pt;">
<span style=3D"font-family: Verdana;"><font size=3D"1">Thank you to J=
oe Luna=20
for reporting this issue.</font></span></p>
------=_Part_2268_32906552.1146245272199--