CCMEXEC.COM – Enterprise Mobility

KB2918614 – Windows Installer triggers UAC

Posted on September 5, 2014 (updated September 9, 2014) by Jörgen Nilsson

KB2918614, which is part of the August Patch Tuesday, was released to solve a security issue in Windows Installer. It changes the way Windows Installer handles repairs, and advertised shortcuts as well. The description of the update doesn’t provide much information:

UPDATE!! A workaround is described below.

This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Normally a user can repair an application from the Control Panel without any additional permissions. After the update is applied, if you try to repair, for instance, Adobe Reader, you will be prompted for credentials, depending on your UAC setting.

This has caused headaches for many over the last few weeks, not just for auto-repair but for everyone who uses Active Setup to launch an msiexec.exe command that applies the user's settings at first logon, and for advertised shortcuts as well.

Uninstalling the update brings back the normal behavior of Windows Installer again.

UPDATE!!

Thanks to HappySCCM (http://happysccm.com/kb2918614-uac-gate/), who has posted the answer from Microsoft and a valid workaround.

The text below is from HappySCCM’s site!

Microsoft:

This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Workaround if you have problems with repairing application:
==================================================
1. Uninstall the application and reinstall it with the security update installed. (sourcehash file generated with security update)

2. Manually copy the sourcehash file to c:\windows\installer folder. As the sourcehash file is generated based on the application files, the sourcehash file generated on computer A can be used on computer B.

Below is a screenshot of the sourcehash file:
[Screenshot: sourcehash file]

Just tested it and it works fine if you uninstall/install Adobe Reader again. After the installation the sourcehash file is generated and after that the repair is successful again.


Then at least newly installed computers can have the update installed, as it will not affect them.
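
To see which installed products have no sourcehash file yet, and are therefore candidates for the workaround above, the following check can be run on a client. It is an added example, not from the original post or from HappySCCM; it assumes the file is named SourceHash{ProductCode} in the Windows Installer folder (a naming the page does not spell out), covers per-machine installs only, and needs PowerShell 3.0 or later.

```powershell
# Added example: list MSI-installed products and whether a sourcehash file exists.
# Assumption: the file is C:\Windows\Installer\SourceHash{ProductCode}.
$installerDir  = Join-Path $env:windir 'Installer'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Is the update present on this machine?
$kb = Get-HotFix -Id 'KB2918614' -ErrorAction SilentlyContinue
Write-Output ("KB2918614 installed: {0}" -f [bool]$kb)

$report = foreach ($root in $uninstallKeys) {
    # The WOW6432Node branch does not exist on 32-bit Windows
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        # MSI products are registered under their ProductCode GUID
        if ($key.PSChildName -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }

        $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # WindowsInstaller = 1 marks an entry that was installed by msiexec
        if ($props.WindowsInstaller -ne 1) { continue }

        $hashFile = Join-Path $installerDir ('SourceHash' + $key.PSChildName)
        [pscustomobject]@{
            DisplayName   = $props.DisplayName
            ProductCode   = $key.PSChildName
            HasSourceHash = Test-Path -LiteralPath $hashFile
        }
    }
}

# Products without a sourcehash file sort first
$report | Sort-Object HasSourceHash, DisplayName | Format-Table -AutoSize
```

Products listed with HasSourceHash = False are the ones to reinstall, or to supply with a sourcehash file copied from a machine where the same application was installed after the update.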

Thanks for sharing HappySCCM!!

8 thoughts on “KB2918614 – Windows Installer triggers UAC”

    1. Dan Gough says:
      September 6, 2014 at 1:02 pm

      I just tested this out with a package I have that uses active setup to run msiexec /fup to put a file and reg key in the user profile and did not get the UAC prompt (local standard user account on Win8.1 Pro). So I’m not worrying about this for now but thanks for the heads up and I’ll keep an eye out for it!

    2. Dan Gough says:
      September 8, 2014 at 10:01 am

      Tested again with Windows 7 this time, self-heal, active setup, and repair via control panel all work for a standard user at my end. Interested to know how you managed to get the UAC prompt – I guess I could try Adobe Reader as pictured in the article!

      1. Jörgen Nilsson says:
        September 9, 2014 at 1:38 pm

        Could it be that you just installed that computer/application after the update was installed?
        /Jörgen

    3. Pingback: Microsoft patch KB 2918614 triggers ‘key not valid for use in specific state’ and other errors | 4an Nyheter
    4. Pingback: Microsoft patch KB 2918614 triggers ‘key not valid for use,’ more errors | 4an Nyheter
    5. Pingback: KB2918614 – UAC GATE | Happy SCCM
    6. Dan Gough says:
      September 10, 2014 at 10:46 am

      Indeed, it seems this issue only affects MSIs installed before the patch which is why I wasn’t seeing it!

    7. Paul Vergouwe says:
      September 17, 2014 at 11:22 am

      No, this issue also affects MSI’s installed after the patch: I had it on my PC after I installed the patch and installed an application which needed a user-repair: bingo!



    My name is Jörgen Nilsson and I work as a Senior Consultant at Onevinn in Malmö, Sweden. This is my blog where I will share tips and stuff for my own and everyone else's use on Enterprise Mobility and Windows related topics.
    All code is provided "AS-IS" with no warranties.
