FlexNet Connect vulnerability and its effect on Roxio customers
Knowledgebase Article :
000072GN |
Print this Article Issue The United States Computer Emergency Readiness Team (US-CERT) issued a vulnerability note about a 3rd party application that many software vendors, including Roxio, distribute with their products. The software in question is FlexNet Connect made by Acresso (formerly Macrovision) and takes the form of “Software Updates” on Windows operating systems.
According to Acresso, “Exploitation of this vulnerability is entirely theoretical and though this vulnerability has been in the product since the first release, there has never been any exploitation of this vulnerability.” Nevertheless, Acresso worked to close the vulnerability in their latest version (v 6.1 or 11.0.1) of their client, which Roxio is now testing and expects to distribute to its customers before November 15, 2008.
Resolution - Customers with version 6 and higher of the Acresso updater will receive a "Critical Update" message via the Software Updates manager and the new update will be delivered upon message acceptance.
-OR-
You can download the the Acresso updater patch here and install.
If you are unsure what version you are running, follow the paths below and right-click on the agent.exe file and choose Properties. Then click the Version tab.
6.0 - (C:\Program Files\Common Files\InstallShield\UpdateService)
6.1 - (C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6)
Note: For users of FLEXnet Connect 6.1 and later, Agent.exe already includes this security fix.
- Verify your FLEXnet Connect Agent has the security fix applied:
- In Windows Explorer, locate Agent.exe. For users of FLEXnet Connect 6.0 and earlier, Agent.exe will be located in:
c:\program files\common files\installshield\updateservice\
- Right-click on Agent.exe and click Properties . Then click the Version tab and verify that Agent.exe is version 6.0.100.65101 or higher.