Showing results for 
Search instead for 
Did you mean: 

Security Advisory affecting NetBackup on Windows--Issue: Arbitrary File Delete

Level 2

Hello Team,

Security Advisory affecting NetBackup on Windows--Issue: Arbitrary File Delete ---any impact on Netbackup version 7.7.3 & lower versions.

Below is the reference article:


   VIP    Certified

If you are still running 8 year old NetBackup software, let alone an OS that is still supported, this advisory is probably a drop in the bucket.

Yes client-side deduplication was a feature under v7.7.3, so yes you're probably vulnerable.

Yes, you should be telling your Management that clients that insist on running the legacy OSes that still require versions this old are massive security risks, are unsupported by the involved Vendors, and should be shutdown for the safety (and sanity) of everyone.

Level 2

Thanks Jnardello for the reply.

So for that upgradation is the only option or can we prevent this from client end to change any settings on OS level.

Level 6
Partner    VIP    Accredited Certified

I'm not sure that is present at 7.7.3.
It it is, you can try to stop and disable the "NetBackup Deduplication Multi-Threaded Agent" service

or check for "Configuring the Deduplication Multi-Threaded Agent behavior" at the deduplication guide of 7.7.3


the recommended is to upgrade to minimum 10.1.1 and apply msdp bundle eeb for that version on your windows servers.(execpt for 10.4 which doesn't require any eeb installation).

otherwise, as it is described in the article the mitigation step is to restrict  access to the boost_interprocess directory (C:\ProgramData\boost_interprocess) to local administrator users only

How about those Master servers, ops centre running on Windows and on version 10.1.1? Needs to apply the EEB as well?


Hi  Vincent,

as it is stated in the article by veritas:

Affected Components: Only on Microsoft Windows Operating Systems - Primary Server, Media Server and Clients
Affected Versions:, 10.3,, 10.2, 10.1.1, 10.1,, 10.0,, 9.1,
         Note: Older unsupported versions may also be affected.

Recommended Action:

Mitigation:  Restrict access to the boost_interprocess directory (C:\ProgramData\boost_interprocess) to local administrator users only


so for 10.1.1 you need to install the MSDP bundle on all servers concerned (master, media & clients).

Level 5

Hello - 

We are currently on

I was informed to run the latest Veritas Update for - NetBackup / Hotfix - MSDP Preferred EEB Bundle (Etrack 4047040)

This was added to the Veritas Support on 5/13/2024 - yesterday.

We dont use MSDP.  I installed it on a Test Netbackup client that is showing the HIGH vulnerability but it did nothing.  Seem like it skipped pretty much everything.  

So is the alternative to fix/clear the vulnerability for no permissions on C:\ProgramData\boost_interprocess

Is to give the local Administrator account FULL access only or ?





I also applied the EEB fix for clients and still being flagged out by the scanner.

Seems like only way is to upgrade to min 10.1.1 and apply the fix or apply the mitigation.

I was told by Veritas that can change the permission on the "C:\ProgramData\boost_interprocess " so that non-administrator users cannot access the boost_interprocess directory.  

Veritas stated that this will not clear the vuln from security center and that we would probably need to recast the vulnerability in security center