Security updates from HP
HP has released a security update for its StorageWorks storage mirroring software to fix a critical vulnerability that allows attackers to penetrate and gain control of a system. No further details of the bug are given. According to the report, version 4.5 Service Pack 1 is affected. The bug is not present in version 4.5 Service Pack 2. Upgrading to version 5.0 also eliminates the problem. The updates can be obtained from Double-Take.
The vendor also reports multiple vulnerabilities in HP Instant Support for Windows. A flawed ActiveX control can be exploited by attackers to inject and execute code on a system. The bugs are fixed in version 18.104.22.168. According to HP, the new version is installed when a diagnostic session is launched from the "Instant Support Professional edition" website.
- HP StorageWorks Storage Mirroring Software, Remote Execution of Arbitrary Code, security advisory from HP
- HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code, security advisory from HP