[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer
Steve Dower
report at bugs.python.org
Tue Mar 8 08:29:59 EST 2022
Steve Dower <steve.dower at python.org> added the comment:
> Is there anything on our end we can do to prevent this kind of issue in the future?
Probably not, I think it's just a lesson learned about the capabilities of the MSI format and its integration with Windows (well, we could hurry up moving everyone to the Windows Store, which doesn't have this issue, but that seems unlikely ;) )
Similar issues have been reported to the Windows Installer team (e.g. CVE-2021-41379, CVE-2021-26415) that could have been fixed by disabling the unelevated repair function, but weren't. So I think it just has to become a known thing for people building MSIs that a "repair" can be run by non-elevated users, and install-time variables may not be preserved for the repair. (In our case, that means actually searching for the existing install rather than trusting the variable our bundle normally provides to the MSI.)
----------
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46948>
_______________________________________
More information about the Python-bugs-list
mailing list