Security patch for FLEXnet Connect
Today, Macrovision Corp. notified customers of FLEXnet Connect® (formerly called InstallShield Update Service) of a security vulnerability in the FLEXnet Connect client version 6.0. Customers using the FLEXnet Connect functionality that is bundled with some editions of InstallShield and AdminStudio are also affected. The problem only exists in the Windows client, not the Universal client. Also, version 6.1 is not affected.
Macrovision has released a patch to fix the vulnerability. If you are using FLEXnet connect and distributed the client to your customers, you need to take action as soon as possible. After updating the Connect SDK on your development machine you have to create an update for your application setup and ship it to your customers in order to update the Connect client on their machines.
Macrovision knowledge base articles:
Side note: End users can't update the client dircetly from Macrovision because it was installed by your setup as a merge module. This servicing limitation is making merge modules less popular these days, see Rule 43 in the Tao of the Windows Installer.