informa
/
1 min read
News

Veritas Patches Zero-Day Bug

Veritas patched the zero-day vulnerability in its Backup Exec software two days after the bug first surfaced Friday.
Veritas patched the zero-day vulnerability in its Backup Exec software two days after the bug first surfaced Friday.

According to Symantec, a logic bug in the backup software could be exploited to bypass authentication, and let an attacker download any file on the system from a remote machine. On Friday, the only remedy available was to filter several TCP ports associated with the backup software.

Sunday, Veritas posted patches for the Windows and NetWare versions of the enterprise program, as well as NetBackup for NetWare Media Server.

Versions 8.6, 9.0, 9.1, and 10.0 of Backup Exec for Windows Servers should be patched, said Veritas, and versions 9.0 and 9.1 of the NetWare edition.

If the patches can't be immediately deployed, Veritas recommended that TCP port 10000 be blocked at the network perimeter.