Apple was nice enough to provide an MSI to address the vulnerability, and it installs fine over my custom-built 7.2.0.240 package. For some reason, however, it is not showing up in Add/Remove programs (I also enabled the showing of "Security Updates" thinking it might be there, but no luck. The MSI looks fine as well, and I can see that the radial is enabled for Add/Remove programs." I am looking for a way to audit the installation of the package instead of using the System.qts file version or registry key (HKLM\Software\Apple Computer, Inc.\QuickTime\Security Updates) as recommended, and was thinking of using Microsoft SMS to audit the Add/Rem Programs entry instead. Is anyone else having the same issue?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Is the ARPSYSTEMCOMPONENT property set in the "Security Update MSI"?
Are they actually registering the product (can you uninstall it by launching the MSI again)?
Answered 10/04/2007 by: AngelD
Red Belt

Please log in to comment
0
I am looking for a way to audit the installation of the package instead of using the System.qts file version or registry key (HKLM\Software\Apple Computer, Inc.\QuickTime\Security Updates) as recommended, and was thinking of using Microsoft SMS to audit the Add/Rem Programs entry instead. Is anyone else having the same issue?
In what way 'audit'? Do you want to ensure it's installed?
Answered 10/04/2007 by: VBScab
Red Belt

Please log in to comment
0
Thanks for the quick reply. ARPSYSTEMCOMPONENT is not listed in the property table.
Answered 10/04/2007 by: Skaye
Senior Yellow Belt

Please log in to comment
0
By 'Audit' I simply mean I am looking for a way to track which QuickTime machines have the patch and which machines are still vulnerable.
Answered 10/04/2007 by: Skaye
Senior Yellow Belt

Please log in to comment
0
Sorry for the double post - I tried launching "SecUpdQuickTime720.msi" again and it simply ran through the install again - no prompt to change/modify or remove.
Answered 10/04/2007 by: Skaye
Senior Yellow Belt

Please log in to comment
0
By 'Audit' I simply mean I am looking for a way to track which QuickTime machines have the patch and which machines are still vulnerable.Well, I don't know SMS at all but, if it were me, I'd have a script walk the AD and be looking at the 'Uninstall' registry entry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[QT_patch_product_code], maybe use the 'InstallDate' value...?
Answered 10/04/2007 by: VBScab
Red Belt

Please log in to comment
0
That's what I want to do basically, but instead using an SMS query to look at that same uninstall key. What's strange is that that key doesn't even exist for this particular MSI, even though the msi shows a product code of "{9D1BEF20-A136-433C-99B9-B6EDC1598C4A}"
Answered 10/04/2007 by: Skaye
Senior Yellow Belt

Please log in to comment
0
Well, then, I think you're stuck with using the recommended registry value. If it were me, though, I couldn't resist snapshotting it to see exactly what it gets up to, just to satisfy myself.
Answered 10/05/2007 by: VBScab
Red Belt

Please log in to comment
0
ORIGINAL: Skaye

That's what I want to do basically, but instead using an SMS query to look at that same uninstall key. What's strange is that that key doesn't even exist for this particular MSI, even though the msi shows a product code of "{9D1BEF20-A136-433C-99B9-B6EDC1598C4A}"


That is why I stated "Are they actually registering the product".
As the product isn't registered when installed the "CurrentVersion\Uninstall\[QT_patch_product_code]" will not get written.
Either add the register related actions or the "Uninstall\[QT_patch_product_code]" registry entries to the MSI.
You can choose to use a transform or directly modify the MSI, as the MSI is not being registered by default the vendor will not be able to create any update/patch for this MSI and therefore any of the options is fair play.
Answered 10/05/2007 by: AngelD
Red Belt

Please log in to comment
0
Hi folks,
a quick glance at this MSI shows, that Apple made a huge step in the wrong direction with this update (after making a real progress the last few months)!
This thing is a badly crippled MSI.
The absence from ARP comes from the lack of the 'RegisterProduct' action in the 'InstallExecuteSequence' table of this package.
This makes it a zombie, which will not be removable with a standard approach.

This thing is definitley a nogo for a managed environment!

A solution could be, to make an admin install of both the 7.2.0.240 full install and the 7.2.0.245 Security Update.
Then the files from the update are copied over the predecessors in the .240 admin installation.
This should work, because only files are updated.
One could generate a new package code and product code, but keep the upgrade code. With this, the package should stay upgradeable.
Hope this clarifies it a bit.
Regards, Nick

Links:
http://docs.info.apple.com/article.html?artnum=306560
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=15270&cat=1&method=sa/SecUpdQuickTime720.msi
Answered 10/05/2007 by: nheim
Tenth Degree Black Belt

Please log in to comment
0
You should also add the RegisterUser action to "support" per-user installations as the RegisterProduct action register for per-machine.

Verify that the PublishComponents, MsiPublishAssemblies, PublishFeatures and PublishProduct actions are provided in the MSI to support advertisement and to register the feature states & feature-component mapping.
Answered 10/05/2007 by: AngelD
Red Belt

Please log in to comment
0
Hi folks,
the quickest solution could be to substitute the 'InstallExecuteSequence' table with a default one.
A default table can be copied from 'Sequence.msi' which is contained in the Installer SDK.
Use ORCA to export/import the table.
After that, you need to alter the 'LaunchConditions' sequence in this table, to look like this:
LaunchConditions NOT Installed 300
With this, the MSI is registered correctly, shows up in ARP and can be uninstalled.
Hope this helps someone.
Regards, Nick
Answered 10/08/2007 by: nheim
Tenth Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity