May 14, 2024 at 05:36AM
The UK’s NHS warns that vulnerabilities in Arcserve Unified Data Protection software are likely being actively exploited. Despite not disclosing any specific data, NHS strongly encourages organizations to apply patches as outlined in Arcserve’s advisory. Critical vulnerabilities include authentication bypass and path traversal, posing risks of data theft, ransomware attacks, and sabotaged backups.
Based on the meeting notes, the key takeaways are:
1. The UK’s NHS has issued a warning about vulnerabilities in Arcserve Unified Data Protection (UDP) software being actively exploited, with specific details about three vulnerabilities: CVE-2024-0799 (CWE-287), CVE-2024-0800 (CWE-434), and CVE-2024-0801.
2. The NHS strongly encourages organizations to apply the patches as per Arcserve’s advisory, with indications of possible exploitation attempts following the publication of proof of concept (PoC) code.
3. The severity of the vulnerabilities is assessed differently by various organizations, with Tenable rating them as “critical” while NHS considers them to be of “medium” severity. However, the Centre for Cybersecurity Belgium (CCB) emphasizes the urgency of patching, warning of potential severe consequences if the vulnerabilities are successfully exploited.
4. CCB recommends organizations to upscale monitoring and detection capabilities to identify any suspicious activity related to the vulnerabilities and to ensure a swift response in case of an intrusion.
5. Concerns are raised about the potential impact of exploitation, such as data theft, ransomware attacks, and sabotaged backups, highlighting the need for swift action to prevent such incidents.
6. The note also mentions the lack of immediate response from Arcserve when asked about the exploit attempts and if customers had been alerted.
These takeaways provide a clear summary of the issues discussed in the meeting regarding the vulnerabilities in the Arcserve UDP software and the urgency of addressing them.