Academic Company Events Community Support Solutions Products & Services Contact NI MyNI
25 ratings:
 2.31 out of 5     Rate this Document

How Do The NI Q2 2013 Security Updates Affect Me?



Primary Software: NI Installers>>Installer Framework
Primary Software Version: 1.1
Primary Software Fixed Version: N/A
Secondary Software: N/A

Problem:
I have received a notification that my system might require the NI Q2 2013 Security Update. What actions should I take to eliminate the security vulnerability?

This KnowledgeBase is also available in English, Spanish, French, German, Korean, Japanese, or Chinese.

Solution:
NI has created several patches to eliminate the vulnerability. National Instruments strongly recommends that you update your system with the required patches.

Note: Commercial antivirus or malware detection products are not guaranteed to prevent the vulnerability from being exploited.

Updating Your Systems

Take one of the following actions to update your systems with the required patches:
  • For systems with NI Update Service installed: Launch NI Update Service from the Windows Start menu. Download and install all the NI Security Updates that NI Update Service recommends. Note: Systems with a version of NI Update Service prior to 2.0 require an update to NI Update Service before any security updates are displayed.
  • For offline systems or systems without NI Update Service: Refer to How Do I Apply NI Q2 2013 Security Updates On Systems Without NI Update Service Installed?, and follow the instructions for downloading and running the NI Security Update Tool Q2 2013. Install the patches that the update tool recommends. Note: If, after installing the patches, you install additional NI software released prior to August 2013, NI recommends that you re-run the update tool.
Note: If you have security policies that ensure that no NI ActiveX controls run in the context of Microsoft Internet Explorer or Microsoft Office, your system is not vulnerable. However, NI recommends that you install the patches at your convenience.

Updating Deployed Systems

If you produce an application distribution that includes NI software components, your end users’ systems might also be vulnerable. NI recommends that you notify your end users that a vulnerable component might be installed on their system, and either refer them to the NI Security Update Tool Q2 2013 or provide them with an updated distribution. Refer to How Do I Update Deployed Systems And My Distribution Installers With The NI Q2 2013 Security Updates? for instructions and recommendations for updating your distribution.

Background

Security vulnerabilities exist in several NI ActiveX components installed with National Instruments software products. These components are vulnerable to attacks through Microsoft Internet Explorer and Microsoft Office.  The following articles describe each of these vulnerabilities in more detail.

Patch Details

NI has created several patches to eliminate this issue. All users of NI application software and NI device drivers on Microsoft Windows operating systems should install one or more of these patches. As described below, NI provides tools that determine which patches you need to install.

Each patch includes a common mechanism that disables the vulnerable NI ActiveX components in Microsoft Internet Explorer and Microsoft Office using standard Microsoft “kill bit” registry keys. Refer to How Do Microsoft “Kill Bits” Affect NI ActiveX Components? for more information. Each patch also includes replacement NI ActiveX components. The set of patches are:

Patch Download Locations

NI recommends that you use NI Update Service or the NI Security Update Tool Q2 2013 to update systems. You can download the tool from the following location: NI Security Update Tool Q2 2013.

Alternatively, the individual patches are available for download at the following locations:
NI Security Update 67L8K7QW (NI General Security Patch Q2 2013)
NI Security Update 67L8ECQW for LabWindows/CVI Help
NI Security Update 67L8J3QW for Lookout 6.5
NI Security Update 67L8J3QW for Lookout 6.6
NI Security Update 67L8J3QW for Lookout 6.7

Related Links:
KnowledgeBase 67L8K7QW: How Does NI Security Update 67L8K7QW (NI General Security Patch Q2 2013) Affect Me?
KnowledgeBase 67L8LCQW: How Do Microsoft “Kill Bits” Affect NI ActiveX Components?
KnowledgeBase 67L8OHQW: How Do I Apply NI Q2 2013 Security Updates On System Without NI Update Service Installed?
KnowledgeBase 68OCH2QW: How Do I Update Deployed Systems And My Distribution Installers With The NI Q2 2013 Security Updates?
KnowledgeBase 68OCIGQW: How Do I Re-Enable NI ActiveX Components in Microsoft Internet Explorer or Microsoft Office That Were Disabled By the NI Kill Bit Patch Q2 2013?
KnowledgeBase 67L8LIQW: How Does NI Security Update 67L8LIQW for cwui.ocx Affect Me?
KnowledgeBase 67L8L0QW: How Does NI Security Update 67L8L0QW for cw3dgrph.ocx Affect Me?
KnowledgeBase 67L8IQQW: How Does NI Security Update 67L8IQQW for NI Help Links Affect Me?
KnowledgeBase 67L8KSQW: How Does NI Security Update 67L8KSQW for NI .NET Class Library Help Affect Me?
KnowledgeBase 67L8ECQW: How Does NI Security Update 67L8ECQW for LabWindows/CVI Help Affect Me?
KnowledgeBase 67L8J3QW: How Does NI Security Update 67L8J3QW for Lookout Affect Me?
KnowledgeBase 6CN8NEAR: What Is the Nature of Software Vulnerability NI-64BG6SWQ-1?
KnowledgeBase 6CP7P755: What Is the Nature of Software Vulnerability NI-64BG6SWQ-2?
KnowledgeBase 6CP9K755: What Is the Nature of Software Vulnerability NI-64BG6SWQ-3?
KnowledgeBase 6CP7OS4G: What Is the Nature of Software Vulnerability NI-64BG6SWQ-4?
KnowledgeBase 6CLDQ5NS: What Is the Nature of Software Vulnerability NI-64BG6SWQ-5?
KnowledgeBase  6CLF08SL: What Is the Nature of Software Vulnerability NI-64BG6SWQ-6?

Attachments:





Report Date: 03/22/2013
Last Updated: 08/26/2013
Document ID: 67L8N7QW

Your Feedback! poor Poor  |  Excellent excellent   Yes No
 Document Quality? 
 Answered Your Question? 
  1 2 3 4 5
Please Contact NI for all product and support inquiries.submit