InstallAware Vulnerability in Yearli Desktop

Description of Issue

In Fall of 2022, InstallAware announced an update to their applications to protect against a potential vulnerability within their product. InstallAware is a third-party software installation application for Windows Installer, which is also used by Yearli Desktop.

Potential Security Risk

InstallAware is recommending upgrades to all versions prior to 32.10, as they may be susceptible to a DLL preloading vulnerability.

Required Action

All Yearli Desktop users with software versions from 2018-2022 need to apply the latest update within each installed version of Yearli Desktop. This latest update includes the new version of InstallAware with the security patches applied. You will be prompted to install the update when you launch the program.

Required Update

The latest version of InstallAware is available beginning with the releases listed below. In Yearli, you will find your version number by selecting About in the Help menu.

Yearli 2018: 3.18.47.002 or later
Yearli 2019: 3.19.47.001 or later
Yearli 2020: 3.20.410.001 or later
Yearli 2021: 3.21.410.002 or later
Yearli 2022: 3.22.22.002 or later

Yearli 2023 and later versions are not impacted.

Was this article helpful?
1 out of 2 found this helpful