CA patches Personal Firewall and BrightStor ARCserve Backup

The manufacturer Computer Associates has released updates for its personal firewall and for BrightStor ARCserve Backup for laptops and desktops to eliminate several vulnerabilities. The problem in the firewall concerns drivers KmxStart.sys and KmxFw.sys, which enable a registered user with restricted rights to attain local rights on the system. Potentially, even a virus can take over a PC in this manner, even if the user was working without admin rights at the time of infection. CA is not announcing any details. CA Personal Firewall 2007 (v9.0) with the Firewall Engine version 1.0.173 and previous versions are affected. Even CA Internet Security Suite 2007 (v3.0) is affected if the vulnerable personal firewall is in operation there. The version is indicated under the help function. Starting with version 1.0.176, which has been distributed via automatic update since January 22, the flaw has been fixed.

Furthermore, several holes in BrightStor ARCserve Backup are responsible for having several linked services crash; CA also assumes that code can be injected and executed via these holes. According to the security advisory, it is not clear whether the holes can be infiltrated over the network, as has been the case with vulnerabilities in BrightStor ARCserve. CA does classify the vulnerability as critical. The following are affected:

BrightStor ARCserve Backup for Laptops and Desktops r11.0, r11.1 and r11.1 SP1
CA Desktop Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2
CA DMS r11.0 und r11.1

See also:

• CA BrightStor ARCserve Backup for Laptops and Desktops lgserver multiple overflow vulnerabilities, security advisory from CA
• CA Personal Firewall Multiple Privilege Escalation Vulnerabilities, security advisory from CA

(ehe)