Security Vulnerability Notice

Original Release: May 3, 2019 | Last Revised: May 9, 2019


Using an exploit to forcibly update configuration data, the Printer Installer Client can be directed to bypass HTTPS hardening or directed to another Printer Installer Server. The Printer Installer Client does not correctly verify the origin and integrity of updates. An attacker who successfully exploits these vulnerabilities could run arbitrary code in the context of the Local System Account.



This solution prevents Man-in-the-Middle (MITM) attacks where bad actors may attempt to spoof a trusted entity by tricking the Printer Installer Server into connecting to a malicious host. To reduce the risk of MITM attacks, you must configure your Printer Installer Server to use the HTTPS protocol as described below:

  1. Follow the steps outlined here: HTTP and HTTPS Configuration Steps.
  2. Next, make sure your homeURL is updated to HTTPS. For more information, see Update the Client’s HomeURL.
  3. In addition, you need to apply the client update described below to secure your Printer Installer environment.

CVE-2018-5409, CVE-2019-9505

This solution addresses vulnerabilities related to properly verifying the origin and integrity of the Printer Installer Client code, as well as sanitizing special characters that could lead to unauthorized changes to configuration files. To address these issues, apply the latest Printer Installer software update as described below:

  1. Download the update from: Printer Installer Security Update.
  2. On the Printer Installer Server, navigate to C:\inetpub\wwwroot\public\client\setup.
  3. Make a backup copy of your existing Printer Installer Client files before replacing them.
  4. Copy and replace the Printer Installer Client installation files with the new files provided in the download.
  5. Navigate to your Printer Installer Admin Console and enable the automatic update option to update your clients. If you want to push out the clients via GPO or using a software deployment tool, follow these instructions.
  6. To validate the update, check that the client on each workstation has been updated to the new version by navigating to Tools > Reports > Workstations in the Printer Installer Admin Console. Click Search to run a report for workstations in your environment. Verify that the numbers in the Client Version column are at least as recent as the numbers shown below:
    1. Windows: or higher
    2. Mac: or higher
    3. Linux: or higher
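
Steps 2 to 4 above can be scripted so that the backup and the replacement are both checked. The following PowerShell is an added example, not PrinterLogic's own tooling; `$UpdateDir` and `$BackupRoot` are assumed locations, and the SHA-256 comparison is an added verification step that the advisory itself does not require.

```powershell
# Added example: back up and replace the client installation files (steps 2-4),
# then confirm every replaced file matches the downloaded copy byte for byte.
param(
    # Path from step 2 of the advisory.
    [string]$SetupDir   = 'C:\inetpub\wwwroot\public\client\setup',
    # Assumption: folder where the downloaded update was extracted.
    [string]$UpdateDir  = 'C:\Temp\PrinterInstallerUpdate',
    # Assumption: backup location, kept outside the web root so it is not served.
    [string]$BackupRoot = 'C:\Backup\PrinterInstallerClient'
)

$ErrorActionPreference = 'Stop'

foreach ($dir in $SetupDir, $UpdateDir) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "Directory not found: $dir"
    }
}

# Step 3: timestamped backup of the existing client files.
$backupDir = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
Copy-Item -Path (Join-Path $SetupDir '*') -Destination $backupDir -Recurse -Force

# Step 4: copy the new files over the existing ones.
Copy-Item -Path (Join-Path $UpdateDir '*') -Destination $SetupDir -Recurse -Force

# Verify: each file from the update must have the same SHA-256 in the setup directory.
$updateRoot = (Resolve-Path -LiteralPath $UpdateDir).Path.TrimEnd('\')
$mismatches = foreach ($src in Get-ChildItem -LiteralPath $updateRoot -Recurse -File) {
    $relative = $src.FullName.Substring($updateRoot.Length).TrimStart('\')
    $dst = Join-Path $SetupDir $relative
    if (-not (Test-Path -LiteralPath $dst -PathType Leaf)) {
        "missing: $relative"
    }
    elseif ((Get-FileHash -LiteralPath $src.FullName -Algorithm SHA256).Hash -ne
            (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash) {
        "hash mismatch: $relative"
    }
}

if ($mismatches) {
    $mismatches | ForEach-Object { Write-Warning $_ }
    throw "Replacement incomplete; backup is in $backupDir"
}
Write-Output "Client files replaced and verified. Backup: $backupDir"
```

Run it from an elevated PowerShell session on the Printer Installer Server before enabling the automatic update option in step 5.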

If you have questions about these solutions, contact PrinterLogic Product Support for assistance.


CVE-2018-5408, CVE-2018-5409, CVE-2019-9505
