CA reveals ARCserve DDOS threat
Forced upgrades on the way for some users?
CA Technologies has found a nasty flaw in flagship backup software ARCServe.
The flaw goes all the way back to version 10 of the product, which has just reached v.16.
CA says the problem “can allow a remote attacker to cause a denial of service condition“ and “ … occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.”
Many versions of ARCserve can fix the bug with a patch, but CA's advisory  says the solution for ARCserve Backup for Windows r12.0 is to “Update to CA ARCserve Backup for Windows r16 SP1.”
We're sure ARCserve users will appreciate the forced upgrade and happily set aside other work to make it happen. ®