Arrive Security Advisory – ASA-12-001

Vulnerability notification which may affect the following Arrive Products: Arrive® InfoPoint™ 101 – Windows XP Embedded OS instances.

Published: Monday, August 13, 2012 | Updated: Monday, August 20, 2012

Version: 2.0

General Information

Executive Summary

Arrive has completed the investigation into a public report of this vulnerability. We have issued Security Bulletin ASB-12-001 to address this issue. For more information about this issue, please review ASB-12-001. The vulnerability addressed is related to the Windows XP Embedded OS Standard version that used to ship with the device and the possibility of malware infection on the device during customization.

Other Information

Arrive Protection Notification Program (APNP)

Arrive shares information and works closely with OS providers and reputed Security Service Consultants to identify and improve security protection on its devices.  Arrive provides vulnerability information and shares this information with customers who can protect themselves via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems.

Specifically for Microsoft Windows XP Embedded OS instances that resides on some of Arrive’s Infopoint 101 devices, to determine whether active protections are available from security software providers, please visit the active protections websites provided by Microsoft program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

• You can provide feedback by completing the Arrive Support Form.

Support

• Customers can receive technical support from Arrive Support .

Disclaimer

The information provided in this advisory is provided “as is” without warranty of any kind. Arrive Systems disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Arrive Systems or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special, exemplary, or punitive damages, even if Arrive Systems or its suppliers have been advised of the possibility of such damages. In any event, Arrive Systems total aggregate liability to you for all damages of every kind and type (regardless of whether based in contract or tort) shall not exceed the purchase price of the product. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

• V1.0 – Monday, August 13, 2012: Advisory published.
• V2.0 – Monday, 20 August, 2012: Advisory updated to reflect publication of security bulletin.

Microsoft Security Related Links

• Get security bulletin notificationsReceive up-to-date information in RSS or e-mail format.
• Microsoft Security Response Center (MSRC) blogView MSRC webcasts, posts, and Q&A for insights on bulletins and advisories.
• Report a vulnerabilityContribute to MSRC investigations of security vulnerabilities.
• See previously released security bulletins

Get less technical detail from the Safety and Security Center for consumers, or download the updates from Microsoft Update.