Important: Please update all Winthrop Products to resolve an Installer Security Vulnerability

David Meego

Winthrop Development Consultants was recently notified by InstallAware, the supplier of the installer software used for the distribution packages for all our products, that a security vulnerability was identified in their product. They have released a new version that resolves the issue.

However, the issue will exist on all machines that have used an installer built with the previous compromised versions of their installer software.

Using the newly fixed installer software, we have created and released new builds of all our products which should be installed at all customer and partner sites as soon as possible. Any build of any of our products downloaded and installed after 10-Aug-2022 contains the fix.

As a bonus, installing the new builds will give you access to all the latest enhancements, features and fixes.

Note: All workstations in a system must be updated to the new builds at the same time.

Below is the information from the product release notices:

Installer Critical Update

Critical Update: The InstallAware software used to create the installers for our products has been updated to resolve a recently identified critical DLL preloading vulnerability. As a copy of the installer remains on the machine for maintenance, update, removal, and repair tasks, the risk is ongoing until the system is updated with the fixed installer.

Please see the release notices for the new builds:

Please update all workstations and servers where GP is installed to these latest builds as soon as possible.

Old Microsoft Dynamics GP Versions

Note: The latest builds have been released for the last six versions of GP. There are no updates available for GP 2010 (v11.0) or GP 2013 (v12.0). It is recommended to update GP to a supported version so you can install the latest versions of our products. If you want to remove the security vulnerability for these old versions of GP, follow the steps below:

  • Install the latest build available for your version.
  • Temporarily rename the GP application folder.
  • Uninstall the products via the Control Panel.
  • Rename the GP application folder back.

This will remove the installer files while leaving the product files on the system.

More Information

Please note that the information provided by InstallAware is deliberately vague, as providing more information would increase the risk by helping someone wanting to exploit the vulnerability. However, the issue relates to this topic from Microsoft:

Note: While the article refers to Windows Vista, the issue affects all Windows versions starting with Windows 2000 all the way through the latest Windows 11 and Windows Server 2022 products.

I will continue to provide all the information I have on this article.

Hope this helps

David

18-Aug-2022: Added more information and link to Microsoft article.
23-Aug-2022: Added note about products for older GP versions.

This article was originally posted on http://www.winthropdc.com/blog.
