Using the MSI packages simplifies the installation process for any number of systems and also provides additional benefits such as automatic repair, easy patching, and compatibility with GPO. However, in a typical enterprise environment, some form of control over the installed packages is often desired. Some applications implement custom bootstrapping mechanisms, some are just meant to be dropped on the disk. Not every application is distributed this way. Recently, I decided to research a single common aspect of many popular Windows applications - their MSI installer packages.
If you’re only interested in the vulnerability itself, then jump right there Introduction TL DR: This blog post describes the details and methodology of our research targeting the Windows Installer (MSI) installation technology. Windows Installer EOP (CVE-2023-21800) - Posted by Adrian Denkiewicz
0 kommentar(er)
