Jump to content

This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.

More on the security patch for FLEXnet Connect

No replies to this topic

Stefan Krueger

Stefan Krueger


  • Administrators
  • 13,269 posts

Posted 02 November 2007 - 13:42

Some additional information about the recently reported security vulnerability in FLEXnet Connect:

According to Secunia the vulnerability is reported in versions and of the Update Service ActiveX control (isusweb.dll), but other versions may also be affected. It is recommended that you update all machines which have versions prior to installed, or set the kill bit for the affected control. For more information see the advisory from VeriSign iDefense Security Intelligence Service.

A stand-alone installer to update the FLEXnet Connect Client on your end users' machines is available (Download). Unfortunately the installer isn't digitally signed, so it will display a UAC dialog with yellow title bar on Windows Vista, warning about an unidentified program. Note that this stand-alone installer will not update the redistributables on your development machine. You need to install the latest Connect SDK to do this.

To update the files in the InstallShield Redist folders on your development machine, download and install the latest version of the FLEXnet Connect SDK. I did this on a machine which has both InstallShield 12 and InstallShield 2008 installed. This updated the files in the Macrovision\IS12\Redist\Update Service folder, but not in its IS2008 counterpart. So after installing the SDK you should verify the version numbers and update the files manually as needed.

For more news and articles please visit my blog at msmvps.com/blogs/installsite or subscribe to the RSS feed.