Description
Veritas has discovered that the Veritas System Recovery folder is vulnerable to attackers running as low privileged users. See CVE-2023-28047 for more details. Existing System Recovery customers who are running in low privilege user mode must execute the script available from Veritas Download Center. This script applies to all previous versions of System Recovery.
Script Execution Instructions
- Download and unzip the SR_HF_860045.zip file.
- Copy the ‘FolderPermission.ps1 PowerShell script’ to the desired path.
- Open Windows PowerShell and Run as Administrator.
 Ensure the permissions to run the PowerShell script are enabled using the following command:
 
 Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
 
  
 
 Note: If "RemoteSigned" never works, replace the "RemoteSigned" with "Bypass" or "Unrestricted".
 Return to the original value after finishing Step 4 to 8.
 
- To change the directory to the path where the script is copied, type ‘cd <path>’ and press Enter.
 
  
 
- To run the script, type .\FolderPermission.ps1 and press Enter. The default Veritas System recovery path will be displayed.
 
  
 
- If your path is the same as C:\ProgramData\Veritas\VERITAS SYSTEM RECOVERY, type "Yes", and press Enter.
 
  
 
 If your path is not the same as C:\ProgramData\Veritas\VERITAS SYSTEM RECOVERY, type "No", and type your path, and press Enter.
 
  
 
- When the script is completed, there will be a confirmation that displays permissions for the Veritas System Recovery folder.
 
  
 
 The above screenshot confirms the modification of the permission for the Veritas System Recovery folder for the low privilege users.Note 1: In the event of uninstallation, repair or upgrade of the product, the changes made will be reverted. Note 2: Restoring the volume where Veritas System Recovery log resides or the machine, to point in time when vulnerability fix was not applied, will revert the current changes. Customers should re-run the script in such case after restore of volume or machine. Note 3: This script will also generate "Permissions.txt" file in the same path where the script is running. The text file will contain the permissions for Veritas System Recovery folder before and after the script has run. 
 
  
