Dameware Mini Remote Control 12.1.0 Hotfix 2 is now available for download in your customer portal. Below are the release notes for this hotfix. This hotfix addresses the following issues: Security fixes MRC crashes while connecting to PC with portrait mode Send refresh makes display stop updating (with enabled mirror driver) Hotfix 2 also includes all fixes from Hotfix 1. This hotfix requires Dameware Mini Remote Control version 12.1.0 (with or without Hotfix 1) Warning: SolarWinds strongly recommends that you edit the files mentioned in this document only as instructed. Any additional modifications to these files may result in system performance issues or may cause an error. Make a backup of the files mentioned in the instructions below if you want to uninstall this hotfix later. Install the hotfix on DameWare Proxy Go to the Dameware Proxy machine. Turn off the Dameware Proxy component in the Configuration wizard. If the Dameware Server runs on the same computer, turn it off as well. Do not close the Configuration wizard. Open the DameWareDB.sdf database file using the free CompactView tool. By default, the file location is as follows: C:\Program Files (x86)\SolarWinds\DameWare Central Server Go to the RoleConfiguration table and clear all check boxes in the ''Status'' and ''IsInitialized'' columns. Remove all files from the binary folder. By default, the folder location is as follows: C:\Program Files (x86)\SolarWinds\DameWare Central Server\WebServerStaticContent\binary Extract Hotfix 2 archive, and copy the contents of the Dameware Proxy folder into the binary folder. By default, the folder location is as follows: C:\Program Files (x86)\SolarWinds\DameWare Central Server\WebServerStaticContent\binary Open Services, and select Stop the Dameware Server service. If you have Dameware Proxy installed on a separate machine (Dameware Server installed on another machine): a) In the opened configuration wizard, turn on the Dameware Proxy component. b) Pair the Dameware Proxy component with Dameware Server (on the server side). If you have Dameware Proxy on the same machine as the Dameware Server: a) In the opened Configuration wizard, turn on the Dameware Proxy component. b) Turn on the Dameware Server component. Install the hotfix on Dameware Mini Remote Control If you have MRC x86 version, copy the contents of the MRCx86 folder to the MRC installation folder on the computer. The default location of the folder for Centralized Version as a part of the Dameware Server installation is as follows: C:\Program Files (x86)\SolarWinds\DameWare Remote Support If you have MRC x64 version, copy the contents of MRCx64 folder to the MRC installation folder on the computer. By default, the installation folder location is as follows: C:\Program Files\SolarWinds\DameWare Mini Remote Control x64 Warning: If you have the remote control agent already installed on your remote machines from the Dameware 12.1 release, remove and install it manually from MRC (with Hotfix2 applied). Uninstall the hotfix If you want to uninstall Hotfix 2, you need to back up files (which will be replaced during the installation process) and save them in a separate location. Follow the same steps described in the installation process, but instead, use your backed up files. The hotfix is then uninstalled. For more information, see https://support.solarwinds.com/Success_Center/Working_With_Support .

This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

DameWare 12.1 HotFix 2 Now Available

ivodlouhy over 4 years ago

Dameware Mini Remote Control 12.1.0 Hotfix 2
is now available for download in your customer portal. Below are the release notes for this hotfix.

This hotfix addresses the following issues:

Security fixes
MRC crashes while connecting to PC with portrait mode
Send refresh makes display stop updating (with enabled mirror driver)

Hotfix 2 also includes all fixes from Hotfix 1.

This hotfix requires Dameware Mini Remote Control version 12.1.0 (with or without Hotfix 1)

Warning: SolarWinds strongly recommends that you edit the files mentioned in this document only as instructed. Any additional modifications to these files may result in system performance issues or may cause an error. Make a backup of the files mentioned in the instructions below if you want to uninstall this hotfix later.

Install the hotfix on DameWare Proxy

Go to the Dameware Proxy machine.
Turn off the Dameware Proxy component in the Configuration wizard. If the Dameware Server runs on the same computer, turn it off as well. Do not close the Configuration wizard.
Open the DameWareDB.sdf database file using the free CompactView tool.
By default, the file location is as follows: C:\Program Files (x86)\SolarWinds\DameWare Central Server
Go to the RoleConfiguration table and clear all check boxes in the ''Status'' and ''IsInitialized'' columns.
Remove all files from the binary folder.
By default, the folder location is as follows: C:\Program Files (x86)\SolarWinds\DameWare Central Server\WebServerStaticContent\binary
Extract Hotfix 2 archive, and copy the contents of the Dameware Proxy folder into the binary folder.
By default, the folder location is as follows: C:\Program Files (x86)\SolarWinds\DameWare Central Server\WebServerStaticContent\binary
Open Services, and select Stop the Dameware Server service.
If you have Dameware Proxy installed on a separate machine (Dameware Server installed on another machine):
a) In the opened configuration wizard, turn on the Dameware Proxy component.
b) Pair the Dameware Proxy component with Dameware Server (on the server side).
If you have Dameware Proxy on the same machine as the Dameware Server:
a) In the opened Configuration wizard, turn on the Dameware Proxy component.
b) Turn on the Dameware Server component.

Install the hotfix on Dameware Mini Remote Control

If you have MRC x86 version, copy the contents of the MRCx86 folder to the MRC installation folder on the computer.
The default location of the folder for Centralized Version as a part of the Dameware Server installation is as follows: C:\Program Files (x86)\SolarWinds\DameWare Remote Support
If you have MRC x64 version, copy the contents of MRCx64 folder to the MRC installation folder on the computer. By default, the installation folder location is as follows: C:\Program Files\SolarWinds\DameWare Mini Remote Control x64
Warning: If you have the remote control agent already installed on your remote machines from the Dameware 12.1 release, remove and install it manually from MRC (with Hotfix2 applied).

Uninstall the hotfix

If you want to uninstall Hotfix 2, you need to back up files (which will be replaced during the installation process) and save them in a separate location.
Follow the same steps described in the installation process, but instead, use your backed up files. The hotfix is then uninstalled.

For more information, see https://support.solarwinds.com/Success_Center/Working_With_Support.

0 michael.tran over 4 years ago

Need some clarification, does this mean the hotfix need to be installed on DameWare Proxy server, all machines with Dameware MRC installed, and all machines with Remote Control Agent Service already installed? We have the agent deployed via SCCM, so we have to rebuild the Dameware Agent Service and redeploy to all remote machines?
Cancel
Vote Up 0 Vote Down

Cancel
0 deadbeef over 4 years ago

michael.tran I think to resolve the vulnerability, the hotfix needs to be applied on administrator machines running Remote Control/Remote Support, as well as the agents on the client machines. The instructions given are very unclear about this, our vulnerability scanner confirmed that just installing the 12.1 agent does not resolve the vulnerability. There are also no instructions on how to apply the hotfix to agents without manually connecting to each one with a patched version of Remote Control. I'm trying to manually copy the updated files for the agent service (DWRCSE.dll, DWRCS.exe, DWRCSRSS.dll, DDLib.dll) to C:\Windows\dwrcs to find a way patch it in a way that will scale out to our 1000+ machines that need this, but not having much luck.

Since this hotfix was released in May, it's inexcusable and sloppy on SolarWinds' part to ask us to patch individual files in a hacky way like this. They need to release updated installers, that easily could have been done in this timespan . There's also no indication about the updated version (12.1.0.89) in Control Panel once installed, which makes it extremely difficult to keep track of which of our endpoints have this patch applied.
This is an extremely poor way to handle a security issue and to release software updates.
Cancel
Vote Up 0 Vote Down

Cancel