------=_Part_2268_32906552.1146245272199 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline EMC Insignia has released an update to Retrospect 6.5 and 7.0 Windows to address a recently identified security vulnerability. Details on these updates and download links can be found at the following URL: http://kb.dantz.com/article.asp?article=3D9507&p=3D2 These security updates are also included in the latest version of the Retrospect 7.5 Driver Update released a few weeks ago via the automatic updates feature found in version 7.5. =3D=3D=3D http://kb.dantz.com/article.asp?article=3D9507&p=3D2 =3D=3D=3D * EMC Retrospect Application Local Access Vulnerability:* If an unauthorized person gets access to the backup server, they can launch Retrospect and take advantage of the fact that Retrospect runs with administrator privileges by using the File>Open command within Retrospect t= o run an executable, which will execute with all the privileges of Retrospect= , creating a local security risk. *EMC Retrospect Application Launcher Service Vulnerability:* If an unauthorized user replaces the Retrospect.exe executable with another application which has the name Retrospect.exe the launcher will launch it and run it with System account privileges (or whatever is specified in the RBU). *Vulnerability Fixes:* These problems have been resolved in the latest updates to the Retrospect Application for Windows versions 7.5, 7.0 and 6.5 software. All customers who use Retrospect Software versions 6.5, 7.0 or 7.5 are encouraged to download and install the latest Retrospect updates. * Retrospect 7.5 Users:* The above security issues are fixed in Retrospect Driver Update 7.5.1.105. Users of the Retrospect 7.5 Automatic Updates feature will automatically be asked if they would like to download and install this update. The above lin= k can also be used to download the update installer. * Retrospect and Retrospect Express 7.0 Users:* Before you download and install the 7.0.344 Application Security Updateto fix the above issues you must make sure that Retrospect 7.0.326 or Retrospect Express 7.0.301 or later has already been installed on your computer. You can identify the version of Retrospect you currently have installed by checking "About Retrospect" from the Retrospect Help menu. * Retrospect 6.5 and Retrospect Express Users:* Before you download and install the 6.5.382 Application Security Updateto fix thee above issues you must make sure that Retrospect 6.5.350or Retrospect Express 6.5.350 has already been installed on your computer. You can identify the version of Retrospect you currently have installed by checking "About Retrospect" from the Retrospect Help menu. *Localized versions of Retrospect* Download links for non-english versions of Retrospect can be found on the E= MC Insignia Downloads pag= e for your language. *Credit:* Thank you to Joe Luna for reporting this issue. ------=_Part_2268_32906552.1146245272199 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline EMC Insignia has released an update to Retrospect 6.5 and 7.0 Windows to address a recently identified security vulnerability. Details on these updates and download links can be found at the following URL: http://kb.dantz.com/article.asp?article=3D9507&p=3D2

These security updates are also included in the latest version of the Retrospect 7.5 Driver Update released a few weeks ago via the automatic updates feature found in version 7.5.

=3D=3D=3D http://kb.dantz.com/artic= le.asp?article=3D9507&p=3D2 =3D=3D=3D

EMC Retrospect= =20 Application Local Access Vulnerability:

If an unauthor= ized=20 person gets access to the backup server, they can launch Retrospect a= nd=20 take advantage of the fact that Retrospect runs with administrator=20 privileges by using the File>Open command within Retrospect to run= an=20 executable, which will execute with all the privileges of Retrospect,= =20 creating a local security risk.

 <= /span>

EMC Retrosp= ect=20 Application Launcher Service Vulnerability:

If an unauthor= ized user=20 replaces the Retrospect.exe executable with another application which= has=20 the name Retrospect.exe the launcher will launch it and run it with S= ystem=20 account privileges (or whatever is specified in the RBU).

&nbs= p;

Vulnerabili= ty Fixes:

These problems= have been=20 resolved in the latest updates to the Retrospect Application for Wind= ows=20 versions 7.5, 7.0 and 6.5 software. All customers who use Retrospect= =20 Software versions 6.5, 7.0 or 7.5 are encouraged to download and inst= all=20 the latest Retrospect updates.

=20

 

Retrospect 7.5 Users:

The above security issues are f= ixed in Retrospect = Driver=20 Update 7.5.1.105. Users of the Retrospect 7.5 Automatic Updates= =20 feature will automatically be asked if they would like to download an= d=20 install this update. The above link can also be used to download the= =20 update installer.

 

Retrospect and Retro= spect=20 Express 7.0 Users:

Before you download and install the 7= .0.344=20 Application Security Update to fix the above issues you must make= sure=20 that Retrospect 7.0.326 or Retrospect Express 7.0.301 or later has alr= eady been installed on your computer.

&nbs= p;

You can identify the version of Retrospect you= =20 currently have installed by checking "About Retrospect" fro= m the=20 Retrospect Help menu.

&nbs= p;

Retrospect 6.5 and R= etrospect=20 Express Users:

Before you download and install the 6= .5.382=20 Application Security Update to fix thee above issues you must mak= e=20 sure that Retrospect 6.5.350 or Retrospect Express 6.5.350 has already been= installed on your computer.

&nbs= p;

You can identify the version of Retrospect you= =20 currently have installed by checking "About Retrospect" fro= m the=20 Retrospect Help menu.


Localized=20 versions of Retrospect

Download links for non-english versions of Ret= rospect=20 can be found on the EMC Insignia Downloads page for your language.

&nbs= p;

Credit:

Thank you to J= oe Luna=20 for reporting this issue.

------=_Part_2268_32906552.1146245272199--