===================================================================== CERT-Renater Note d'Information No. 2010/VULN012 _____________________________________________________________________ DATE : 08/01/2010 HARDWARE PLATFORM(S) : Verbatim Corporate Secure USB Flash Drive, Verbatim Corporate Secure FIPS Edition USB Flash Drives. OPERATING SYSTEM(S) : Systems running Verbatim Corporate Secure USB Flash Drive, Verbatim Corporate Secure FIPS Edition USB Flash Drives. ====================================================================== http://www.verbatim.com/security/security-update.cfm ______________________________________________________________________ Important Security Update December 2009 Verbatim Corporate Secure and Corporate Secure FIPS Edition series of USB flash drives contain a hardware-based encryption module and an access control application to protect sensitive data. Verbatim has recently identified a potential vulnerability in the access control application and has provided a product update to address the issue. Note: This issue is only applicable to the application running on the host system. It does not apply to the device hardware. Devices to which this update applies: Verbatim Corporate Secure USB Flash Drive 1GB, 2GB, 4GB, 8GB: This device has a black housing with capacity engraved on an aluminum plate affixed to the housing. Verbatim Corporate Secure FIPS Edition USB Flash Drives 1GB, 2GB, 4GB, 8GB: This device has a silver housing with capacity engraved on an aluminum plate affixed to the housing. The housing also contains the text "FIPS 140-2" in black text opposite the capacity plate. To implement this update, Verbatim recommends users to download and execute the appropriate software update below after reading all instructions on this page. Installation Instructions: 1. Close all applications and files on your Verbatim Corporate Secure or Corporate Secure FIPS Edition USB flash drive prior to updating 2. Backup all files on your Verbatim Corporate Secure or Corporate Secure FIPS Edition USB flash drive before running the updater. If running the updater on 2003 Server or Windows XP, the updater will also backup your files, however it is recommended to manually backup data to eliminate any risk of data loss due to unforeseen failure. If running the updater on Vista, you must manually backup the files to avoid data loss. 3. Download and run the appropriate updater, following the on-screen prompts. Note: You will be required to supply your password to complete the process. Corporate Secure Updater2.0.5.33 * (black device) Corporate Secure FIPS Edition Updater2.0.5.33 * (silver device) *Updaters run on Window 2000 SP4, Server 2003, XP SP1, SP2, and Vista only. Requires local Admin rights. Running the updater in a managed environment requires a connection to central management server. 4. Once the update process is complete, confirm the data contents are intact, and restore files from backup if necessary. 5. Take measures to secure and safeguard sensitive backup data as necessary. 6. Verbatim recommends you change your password. Select the settings menu from the toolbar icon and follow the prompts Maintaining the security of your data is a top priority at Verbatim. We will continue to work diligently to provide the highest levels of *security for your data. Report any problems or questions to Corp_Secure@verbatim.com or contact our technical support team as directed in the Support section of this website. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================