InstallShield Updates


The vulnerability scan has been reporting vulnerabilities in the InstallShield Update Service. This update service is bundled by some third-party products. The first several times I looked at how to patch this, all I could find were documents saying to wait for the original application that bundled InstallShield Updater to update. That obviously wasn't acceptable. At that time I didn't even know which application put this on the system.

The first vulnerability was Macrovision InstallShield Update Service Multiple Insecure Methods, CVE-2007-5660. The vulnerability here was in the ActiveX control of the update service (isusweb.dll). I deployed ActiveX kill bits as a preventative measure, but I kept looking for a patch.

Next there was a vulnerability in InstallShield FlexNet Connect ActiveX, CVE-2008-2470.

I was able to look at the computers reporting the vulnerability, and I found in most cases a database.ini file that indicated the GUID of the software package to be updated by FlexNet Connect. It appeared to be Roxio CD/DVD burning software circa 2006.

More searching revealed that Roxio has published a KB for this here with a link to a security update.

I tested out the update and it looks like with a /v"/qb" switch I can deploy this pretty easily.
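As an added example (not part of the original post), the PowerShell below audits whether an ActiveX kill bit is actually in place on a machine, which is useful for confirming the preventative measure while a patch is rolled out. The CLSID is a placeholder, since the post does not list the control's CLSID; take the real value from the vendor advisory. The function name `Test-KillBit` is hypothetical. The registry location and the 0x400 flag are the standard Internet Explorer kill-bit mechanism.

```powershell
# Added example: report kill-bit status for a list of ActiveX CLSIDs.
# PLACEHOLDER CLSID: replace with the CLSID(s) named in the vendor advisory.
$Clsids = @('{00000000-0000-0000-0000-000000000000}')

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading the control

# 64-bit Windows keeps a separate key for 32-bit Internet Explorer.
$Roots = @{
    'Native' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    'WOW64'  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Test-KillBit {
    param([string]$Root, [string]$Clsid)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return 'KeyMissing' }

    $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'ValueMissing' }

    # Other compatibility bits may also be set, so test the kill bit with a mask.
    $flags = [int64]$item.'Compatibility Flags'
    if (($flags -band $KillBit) -eq $KillBit) { 'Set' } else { 'NotSet' }
}

$results = foreach ($view in $Roots.Keys) {
    $root = $Roots[$view]
    # The WOW64 root does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in $Clsids) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            View     = $view
            Clsid    = $clsid
            Status   = Test-KillBit -Root $root -Clsid $clsid
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a deployment or inventory tool flag the machine.
if ($results | Where-Object { $_.Status -ne 'Set' }) { exit 1 }
```

Any status other than `Set` in either registry view means the control can still be instantiated by that version of Internet Explorer.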


About this Entry

This page contains a single entry by Roger published on November 22, 2008 2:55 PM.
