Security Bulletin December 2009

Overview
The Cruzer® Enterprise series of USB flash drives is equipped with a hardware-based encryption module and an access control mechanism to protect company data. SanDisk has recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue.

Important Note: This issue is only applicable to the application running on the host and does not apply to the device hardware or firmware.

As a result, all Cruzer Enterprise USB flash drives being shipped to customers as of today contain the product update. SanDisk has also taken measures to inform customers and channel partners about the issue and has provided a software product update online to secure existing Cruzer Enterprise USB flash drive devices.

Devices to which this change applies

  • Cruzer® Enterprise USB flash drive, CZ22 - 1GB, 2GB, 4GB, 8GB
  • Cruzer® Enterprise FIPS Edition USB flash drive, CZ32 - 1GB, 2GB, 4GB, 8GB
  • Cruzer® Enterprise with McAfee USB flash drive, CZ38 - 1GB, 2GB, 4GB, 8GB
  • Cruzer® Enterprise FIPS Edition with McAfee USB flash drive, CZ46 - 1GB, 2GB, 4GB, 8GB

Recommendations
To implement this change, SanDisk recommends that users install an update file using the following procedure:

  • Fill in the online form here. This will direct you to a downloading site.
  • Download the 'updater selector' application and the Quick Reference Guide with installation instructions.

To support its enterprise customers with large-scale deployments of the update, SanDisk offers a free-of-charge, 3-month license for its Central Management & Control (CMC) system. CMC enables a central updating process for existing devices, version control monitoring, asset management and reporting of device usage within the organization. For more information and support, please contact ent.support@sandisk.com. This offer is valid until 30 April, 2010.

Summary
Preserving customer security and product reliability continues to be a top priority at SanDisk. SanDisk will continue to work diligently with customers as well as third-party security researchers to maintain high levels of security.