How Do The NI Q2 2013 Security Updates Affect Me?Primary Software: NI Installers>>Installer Framework
Primary Software Version: 1.1
Primary Software Fixed Version: N/A
Secondary Software: N/A
I have received a notification that my system might require the NI Q2 2013 Security Update. What actions should I take to eliminate the security vulnerability?
This KnowledgeBase is also available in English, Spanish, French, German, Korean, Japanese, or Chinese.
NI has created several patches to eliminate the vulnerability. National Instruments strongly recommends that you update your system with the required patches.
Note: Commercial antivirus or malware detection products are not guaranteed to prevent the vulnerability from being exploited.
Updating Your SystemsTake one of the following actions to update your systems with the required patches:
Updating Deployed SystemsIf you produce an application distribution that includes NI software components, your end users’ systems might also be vulnerable. NI recommends that you notify your end users that a vulnerable component might be installed on their system, and either refer them to the NI Security Update Tool Q2 2013 or provide them with an updated distribution. Refer to How Do I Update Deployed Systems And My Distribution Installers With The NI Q2 2013 Security Updates? for instructions and recommendations for updating your distribution.
BackgroundSecurity vulnerabilities exist in several NI ActiveX components installed with National Instruments software products. These components are vulnerable to attacks through Microsoft Internet Explorer and Microsoft Office. The following articles describe each of these vulnerabilities in more detail.
Patch DetailsNI has created several patches to eliminate this issue. All users of NI application software and NI device drivers on Microsoft Windows operating systems should install one or more of these patches. As described below, NI provides tools that determine which patches you need to install.
Each patch includes a common mechanism that disables the vulnerable NI ActiveX components in Microsoft Internet Explorer and Microsoft Office using standard Microsoft “kill bit” registry keys. Refer to How Do Microsoft “Kill Bits” Affect NI ActiveX Components? for more information. Each patch also includes replacement NI ActiveX components. The set of patches are:
Patch Download LocationsNI recommends that you use NI Update Service or the NI Security Update Tool Q2 2013 to update systems. You can download the tool from the following location: NI Security Update Tool Q2 2013.
Alternatively, the individual patches are available for download at the following locations:
NI Security Update 67L8K7QW (NI General Security Patch Q2 2013)
NI Security Update 67L8ECQW for LabWindows/CVI Help
NI Security Update 67L8J3QW for Lookout 6.5
NI Security Update 67L8J3QW for Lookout 6.6
NI Security Update 67L8J3QW for Lookout 6.7
KnowledgeBase 67L8K7QW: How Does NI Security Update 67L8K7QW (NI General Security Patch Q2 2013) Affect Me?
KnowledgeBase 67L8LCQW: How Do Microsoft “Kill Bits” Affect NI ActiveX Components?
KnowledgeBase 67L8OHQW: How Do I Apply NI Q2 2013 Security Updates On System Without NI Update Service Installed?
KnowledgeBase 68OCH2QW: How Do I Update Deployed Systems And My Distribution Installers With The NI Q2 2013 Security Updates?
KnowledgeBase 68OCIGQW: How Do I Re-Enable NI ActiveX Components in Microsoft Internet Explorer or Microsoft Office That Were Disabled By the NI Kill Bit Patch Q2 2013?
KnowledgeBase 67L8LIQW: How Does NI Security Update 67L8LIQW for cwui.ocx Affect Me?
KnowledgeBase 67L8L0QW: How Does NI Security Update 67L8L0QW for cw3dgrph.ocx Affect Me?
KnowledgeBase 67L8IQQW: How Does NI Security Update 67L8IQQW for NI Help Links Affect Me?
KnowledgeBase 67L8KSQW: How Does NI Security Update 67L8KSQW for NI .NET Class Library Help Affect Me?
KnowledgeBase 67L8ECQW: How Does NI Security Update 67L8ECQW for LabWindows/CVI Help Affect Me?
KnowledgeBase 67L8J3QW: How Does NI Security Update 67L8J3QW for Lookout Affect Me?
KnowledgeBase 6CN8NEAR: What Is the Nature of Software Vulnerability NI-64BG6SWQ-1?
KnowledgeBase 6CP7P755: What Is the Nature of Software Vulnerability NI-64BG6SWQ-2?
KnowledgeBase 6CP9K755: What Is the Nature of Software Vulnerability NI-64BG6SWQ-3?
KnowledgeBase 6CP7OS4G: What Is the Nature of Software Vulnerability NI-64BG6SWQ-4?
KnowledgeBase 6CLDQ5NS: What Is the Nature of Software Vulnerability NI-64BG6SWQ-5?
KnowledgeBase 6CLF08SL: What Is the Nature of Software Vulnerability NI-64BG6SWQ-6?
Report Date: 03/22/2013
Last Updated: 08/26/2013
Document ID: 67L8N7QW