After applying Microsoft’s latest fix for the Windows Installer (KB2918614/MS14-049), we started noticing that our minor upgrades for the per-user installation started prompting for UAC to be completed. No UAC is prompted if we do a fresh install, but if we do a minor upgrade using a new full MSI with REINSTALL=ALL REINSTALLMODE=vomus, the upgrade hangs in the middle requiring UAC. This was not the case before we applied the Windows Update fix, when both fresh-install and upgrade scenarios worked fine with no UAC.
Their fix is documented in the following links, and they mention that the vulnerability they fixed occurs when the Windows Installer service improperly handles the repair of a previously installed application.
http://support.micro....com/kb/2918614
https://technet.micr...curity/MS14-049
Here are log entries before accepting the UAC request:
SOURCEDIR product ==> {F6B5B61D-8883-4494-A0A0-A437F173AA6A}
Determining source type
Source type from package 'application.msi': 8
SECREPAIR: Hash Database: C:\windows\Installer\SourceHash{F6B5B61D-8883-4494-A0A0-A437F173AA6A}
SECREPAIR: CryptAcquireContext succeeded
SECREPAIR: filename: application.msi Stored Hash Value:fjqR6m0/jCq5sAIj5WLUu06KFNqEkxuAJ0ZslZQpdYw= Current Hash:loNavG/BPRd9nn0ofrH8Q12W/TUq0rXJfb2KpozV3Qw=
Machine policy value 'AlwaysInstallElevated' is 0
User policy value 'AlwaysInstallElevated' is 0
MSI_LUA: Credential Request return = 0x0
MSI_LUA: Elevated credential consent provided. Install will run elevated
In other locations in the log, I confirmed that the Windows Installer is aware that this is a per-user, non-managed installation package that doesn’t require any admin rights.
My guess is that the Microsoft fix for the repair issue compares the Stored Hash Value of the old package with the Current Hash of the new package and, if they differ, prompts for UAC.
But then how are we supposed to handle the minor-upgrade cases, where these values should always be different? (Both repairing the product and upgrading the product share the same command REINSTALL=ALL REINSTALLMODE=vomus.)
How are we now supposed to do minor upgrades without requiring UAC? Am I missing something fundamental here?
Thanks
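As an added illustration, not part of the original question and not Microsoft tooling: a small Python parser that pulls the SECREPAIR hash comparison, the AlwaysInstallElevated policy values and the MSI_LUA elevation decision out of a verbose Windows Installer log, so that the stored-versus-current hash mismatch described in the question can be checked across many upgrade logs instead of by eye. The first sample is the excerpt quoted in the question; the second is a constructed log in which the package hash is unchanged and which is assumed to carry no MSI_LUA lines. The function and dictionary key names are my own.

```python
import re
from typing import Dict, Optional

# Log excerpt quoted in the question above (minor upgrade that prompted for UAC).
UPGRADE_LOG = """\
SOURCEDIR product ==> {F6B5B61D-8883-4494-A0A0-A437F173AA6A}
Determining source type
Source type from package 'application.msi': 8
SECREPAIR: Hash Database: C:\\windows\\Installer\\SourceHash{F6B5B61D-8883-4494-A0A0-A437F173AA6A}
SECREPAIR: CryptAcquireContext succeeded
SECREPAIR: filename: application.msi Stored Hash Value:fjqR6m0/jCq5sAIj5WLUu06KFNqEkxuAJ0ZslZQpdYw= Current Hash:loNavG/BPRd9nn0ofrH8Q12W/TUq0rXJfb2KpozV3Qw=
Machine policy value 'AlwaysInstallElevated' is 0
User policy value 'AlwaysInstallElevated' is 0
MSI_LUA: Credential Request return = 0x0
MSI_LUA: Elevated credential consent provided. Install will run elevated
"""

# Constructed sample (not from the question): a repair where the package on disk
# still matches the stored hash. Assumed to contain no MSI_LUA lines at all.
REPAIR_LOG = """\
SOURCEDIR product ==> {F6B5B61D-8883-4494-A0A0-A437F173AA6A}
Determining source type
Source type from package 'application.msi': 8
SECREPAIR: filename: application.msi Stored Hash Value:fjqR6m0/jCq5sAIj5WLUu06KFNqEkxuAJ0ZslZQpdYw= Current Hash:fjqR6m0/jCq5sAIj5WLUu06KFNqEkxuAJ0ZslZQpdYw=
Machine policy value 'AlwaysInstallElevated' is 0
User policy value 'AlwaysInstallElevated' is 0
"""

# Patterns derived from the line shapes visible in the quoted log.
PRODUCT_RE = re.compile(r"SOURCEDIR product ==> (\{[0-9A-Fa-f-]+\})")
SECREPAIR_RE = re.compile(
    r"SECREPAIR: filename: (\S+) Stored Hash Value:(\S+) Current Hash:(\S+)"
)
POLICY_RE = re.compile(r"(Machine|User) policy value 'AlwaysInstallElevated' is (\d)")
CRED_REQ_RE = re.compile(r"MSI_LUA: Credential Request return = (0x[0-9A-Fa-f]+)")
ELEVATED_RE = re.compile(r"MSI_LUA: Elevated credential consent provided")


def analyze_msi_log(text: str) -> Dict[str, Optional[object]]:
    """Summarise the SECREPAIR hash check and elevation outcome of one MSI log."""
    result: Dict[str, Optional[object]] = {
        "product_code": None,
        "package": None,
        "stored_hash": None,
        "current_hash": None,
        "hash_mismatch": False,
        "always_install_elevated": {},
        "credential_request": None,
        "elevated": False,
    }
    for line in text.splitlines():
        if m := PRODUCT_RE.search(line):
            result["product_code"] = m.group(1)
        elif m := SECREPAIR_RE.search(line):
            result["package"] = m.group(1)
            result["stored_hash"] = m.group(2)
            result["current_hash"] = m.group(3)
            # The question's hypothesis: a differing hash is what triggers UAC.
            result["hash_mismatch"] = m.group(2) != m.group(3)
        elif m := POLICY_RE.search(line):
            result["always_install_elevated"][m.group(1).lower()] = m.group(2) == "1"
        elif m := CRED_REQ_RE.search(line):
            result["credential_request"] = m.group(1)
        elif ELEVATED_RE.search(line):
            result["elevated"] = True
    return result


def describe(summary: Dict[str, Optional[object]]) -> str:
    """One-line triage verdict for an operator reading many logs."""
    verdict = "hash mismatch" if summary["hash_mismatch"] else "hash unchanged"
    elev = "elevated" if summary["elevated"] else "not elevated"
    return f"{summary['product_code']} {summary['package']}: {verdict}, {elev}"


if __name__ == "__main__":
    for log in (UPGRADE_LOG, REPAIR_LOG):
        print(describe(analyze_msi_log(log)))
```

Running the block prints one verdict per log; pointing `analyze_msi_log` at the output of `msiexec /l*v` on a set of upgrade runs lets you confirm whether every UAC prompt coincides with a stored/current hash difference, which is the correlation the question is asking about.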