The UK’s NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited.
Originally disclosed in March, the three vulnerabilities all had proof of concept (PoC) exploit code released the day after disclosure by Tenable, which reported the bugs to Arcserve. In these cases, it doesn’t usually take long before attackers try to abuse them.
The NHS hasn’t offered any details of the data it has seen that indicates possible exploitation but has “strongly encouraged” organizations to apply the patches as set out in Arcserve’s advisory.
