Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location

Discussion in 'other security issues & news' started by ronjor, Oct 27, 2020.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    ronjor, Oct 27, 2020
    #1
  2. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    drhu22, Oct 27, 2020
    #2
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Looks like anyone up to date is already past this version.
     
    xxJackxx, Oct 27, 2020
    #3
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    I'm sure Macrium was notified before this notification was posted.
     
    ronjor, Oct 27, 2020
    #4
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,642
    Location:
    USA
    Likely true and the right way to handle it. Despite any complaints I have ever had about them their product recovered a machine for me this week that a competitor failed to. I will happily give them more money whenever the next upgrade comes out.
     
    xxJackxx, Oct 27, 2020
    #5
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    In general:
    It points once again to the fact that companies, who are using third party libraries, have to keep those libraries updated.
    It has been pointed out here at the Wilders board and at other sites, time and time again.
    Whether it is OpenSSL, 7-zip, or whatever third party library.
    ...
     
    FanJ, Oct 28, 2020
    #6
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...