Wednesday, 17 June 2009

Critical Security Vulnerability Found in BlackBerry Desktop Software

A “critical” security vulnerability in the BlackBerry Desktop Software has been disclosed in a knowledge base article (see KB16469) published by R.I.M. on Nov. 27th, and confirmed by Secunia, a leading vulnerability intelligence provider.

In short, the KB article states “Desktop Manager includes the Roxio® Media Manager for managing media synchronization … includes a Microsoft® ActiveX® control used for retrieving and installing application updates”.

While it is important that users with this vulnerability update and patch their system, we are not calling for a panic! What to do? Make the jump for the details…

According to Daphne, BlackBerryForums.com’s own resident security expert, users should examine the file properties of the ‘agent.exe’ file. Follow the directions below. Please note that, as we understand it, if you have Desktop Manager installed without Roxio, you should still check the file, but you should not need to upgrade.

A) On your PC, navigate to C: > Program Files > Common Files > Install Shield > Update Service. See the screenshot below:

[Screenshot: dm_security_properties]

B) Once you are in the ‘update service’ folder, right click on the ‘agent.exe’ file > click on Properties > then click on the Versions tab > and finally, click on the line ‘File Version’ in the column ‘Item Name’, per this next screenshot:

[Screenshot: dm_security_properties-3]

C) If your file version is 6.0.100.65100 or earlier, you need to upgrade Desktop Manager. For example, the file shown above is vulnerable (6.0.100.54472), and the Desktop software should be updated.

D) Update your Desktop Software to the latest patch for the BlackBerry Desktop Software version 4.5, 4.6, or 4.7. The KB article notes that the minimum BlackBerry Desktop Software version you can install to resolve this issue is 4.5. Click on this link to visit the Desktop Software Download area.

E) Alternatively, users who do not want to upgrade their BlackBerry Desktop Software may install a patch from third-party software vendor Acresso™ Software to address the issue.
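
The manual check in steps A to C can also be scripted, which helps when several PCs need auditing. The following PowerShell is an added example, not part of the KB article or the original post; it assumes the folders from step A are named `InstallShield` and `UpdateService` (no spaces) on disk and also looks under `Program Files (x86)` on 64-bit Windows. The function name `Get-AgentStatus` is made up for this example.

```powershell
# Added example: compare agent.exe's file version with the threshold from step C.
# Assumption: on-disk folder names are InstallShield\UpdateService (no spaces).
$threshold = [version]'6.0.100.65100'   # step C: this version or earlier needs the update
$relative  = 'Common Files\InstallShield\UpdateService\agent.exe'

# Check both Program Files roots so 64-bit Windows is covered as well.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

function Get-AgentStatus {
    param([string]$Path, [version]$Threshold)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; FileVersion = $null; Status = 'NotInstalled' }
    }

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric fields: the FileVersion string may
    # contain commas or extra text that [version] cannot parse, and a plain
    # string comparison would order the four-part numbers incorrectly.
    $ver = New-Object System.Version(
        $info.FileMajorPart, $info.FileMinorPart,
        $info.FileBuildPart, $info.FilePrivatePart)

    $status = if ($ver -le $Threshold) { 'UpdateRequired' } else { 'OK' }
    [pscustomobject]@{ Path = $Path; FileVersion = $ver; Status = $status }
}

$roots |
    ForEach-Object { Get-AgentStatus -Path (Join-Path $_ $relative) -Threshold $threshold } |
    Format-Table -AutoSize
```

A result of `UpdateRequired` corresponds to step C and means step D or E applies; `NotInstalled` means no agent.exe was found at that location.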

There is an ongoing discussion about this issue in this thread, where you can ask questions.

Additional links:

http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html

http://secunia.com/advisories/32842/
