Dameware Mini Remote Control 12.1.0 Hotfix 2
is now available for download in your customer portal. Below are the release notes for this hotfix.
This hotfix addresses the following issues:
Hotfix 2 also includes all fixes from Hotfix 1.
This hotfix requires Dameware Mini Remote Control version 12.1.0 (with or without Hotfix 1)
Warning: SolarWinds strongly recommends that you edit the files mentioned in this document only as instructed. Any additional modifications to these files may result in system performance issues or may cause an error. Make a backup of the files mentioned in the instructions below if you want to uninstall this hotfix later.
Install the hotfix on DameWare Proxy
Install the hotfix on Dameware Mini Remote Control
Uninstall the hotfix
For more information, see https://support.solarwinds.com/Success_Center/Working_With_Support.
Need some clarification, does this mean the hotfix need to be installed on DameWare Proxy server, all machines with Dameware MRC installed, and all machines with Remote Control Agent Service already installed? We have the agent deployed via SCCM, so we have to rebuild the Dameware Agent Service and redeploy to all remote machines?
michael.tran I think to resolve the vulnerability, the hotfix needs to be applied on administrator machines running Remote Control/Remote Support, as well as the agents on the client machines. The instructions given are very unclear about this, our vulnerability scanner confirmed that just installing the 12.1 agent does not resolve the vulnerability. There are also no instructions on how to apply the hotfix to agents without manually connecting to each one with a patched version of Remote Control. I'm trying to manually copy the updated files for the agent service (DWRCSE.dll, DWRCS.exe, DWRCSRSS.dll, DDLib.dll) to C:\Windows\dwrcs to find a way patch it in a way that will scale out to our 1000+ machines that need this, but not having much luck.
Since this hotfix was released in May, it's inexcusable and sloppy on SolarWinds' part to ask us to patch individual files in a hacky way like this. They need to release updated installers, that easily could have been done in this timespan . There's also no indication about the updated version (184.108.40.206) in Control Panel once installed, which makes it extremely difficult to keep track of which of our endpoints have this patch applied.
This is an extremely poor way to handle a security issue and to release software updates.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.