Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location

Discussion in 'other security issues & news' started by ronjor, Oct 27, 2020.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    172,059
    Location:
    Texas
  2. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,008
    Location:
    USA
    Looks like anyone up to date is already past this version.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    172,059
    Location:
    Texas
    I'm sure Macrium was notified before this notification was posted.
     
  5. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,008
    Location:
    USA
    Likely true and the right way to handle it. Despite any complaints I have ever had about them their product recovered a machine for me this week that a competitor failed to. I will happily give them more money whenever the next upgrade comes out.
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,821
    In general:
    It points once again to the fact that companies, who are using third party libraries, have to keep those libraries updated.
    It has been pointed out here at the Wilders board and at other sites, time and time again.
    Whether it is OpenSSL, 7-zip, or whatever third party library.
    ...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.