I patched Adobe Flash Player. The machines now have both versions 9.0.5 and 9.0.47 and the scanning tool reports that the vulnerability is still there. I find that in the Add or Remove Programs in Control Panel.
When I remove the Adobe Flash Player Plugin and rescan the vulnerability is gone.
I have a lot of machines and would like to know how to write a fixlet to address this issue!
You have a couple choices… One is you could just look up the Uninstall string in the registry and then hardcode it in an action… for instance, something like:
If you want to get clever, you can actually create an action that looks up the uninstall string based on the displayname in add/remove programs:
wait {value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "adobe" AND value "DisplayName" of it as string as lowercase contains "9.0.47") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry}
In both cases, you would need to figure out the way to make the uninstall silent (which is usually possible by adding a commandline option, but you will need to investigate a little more)…
I’m trying to uninstall a program whose display name is “Numara Remote Control Host”
The relevance I wrote is
(exists key whose (value "DisplayName" of it as string contains "Numara Remote Control Host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
It listed all the applicable computers
I tried two action scripts separately
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "Numara Remote Control Host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)& "/uninst"}
If I don’t want to hardcode and want to do the uninstall by searching on the “display name” like below:
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "Numara Remote Control Guest") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)}
I don’t have the ability to test so I am not 100% sure, but I think the issue with your #1 relevance was that you need to do an “as string” to be able to concatenate the “/uninst”… So you basically have two options:
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "Numara Remote Control Host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)& "/uninst"}
or
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "Numara Remote Control Host") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)} /uninst
If I hardcode the value of the uninstall string after the wait command followed by a /q my uninstall works great. If I try to generate a dynamic uninstall based on the relevance my /q is ignored.
Here’s the code and the variants that do not work…as in it totally ignores anything after the last } and prompts for the uninstall.
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)& " /q"}
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)}&"/ q"
Essentially I just need to run the concatenation of the values of the uninstall string and the /q following
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)} /q
I tried the following command as one of my first attempts at the /q along with many other variants…
wait {(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)} /q
The wait command is definitely carrying on after it gets the uninstall string. From the command line it works perfectly. I’m just wondering if I should do some string manipulation inside of a batch file that strips off the text following the msiexec and tacks on a /q. I can then run an msiexec with the string that was just built. It’s turning into a “thing” so to speak…
(value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)
It’s pulling the value which I could make work hard coded but there are going to be different versions of Funk client I would eventually like to roll off with one job in a baseline.
OK, the problem is the null character at the end of the uninstall string. Try this:
wait {(preceding text of first "%00" of (it as string) of value "UninstallString" of keys whose (value "DisplayName" of it as string as lowercase contains "juniper odyssey access client" AND value "DisplayVersion" of it = "4.60.49455") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string)} /q
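Added example, not part of the original thread and not BigFix code: a Python sketch of the string handling discussed above. It cuts the registry value at the first null character, matches the display name lowercase against lowercase, and only accepts a plain msiexec product-code string before appending /q. The sample entries, GUIDs and function names are constructed for illustration, and rewriting /I to /x assumes an MSI-registered product.

```python
import re

# Constructed sample data standing in for subkeys of
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (GUIDs are made up).
SAMPLE_ENTRIES = [
    {"DisplayName": "Juniper Odyssey Access Client", "DisplayVersion": "4.60.49455",
     "UninstallString": "MsiExec.exe /I{11111111-2222-3333-4444-555555555555}\x00"},
    {"DisplayName": "Juniper Odyssey Access Client", "DisplayVersion": "4.52.0",
     "UninstallString": "MsiExec.exe /X{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"},
    {"DisplayName": "Example Tool", "DisplayVersion": "1.0",
     "UninstallString": '"C:\\Program Files\\Example\\unins000.exe"\x00'},
]

# Accept only "msiexec[.exe] /I{GUID}" or "/X{GUID}"; the value is run with
# agent privileges, so anything else is rejected rather than executed.
MSI_RE = re.compile(
    r"^msiexec(?:\.exe)?\s+/[ix]\s*"
    r"(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\s*$",
    re.IGNORECASE,
)

def clean_value(raw):
    """Drop the first NUL and everything after it, then trim whitespace."""
    return raw.split("\x00", 1)[0].strip()

def find_entry(entries, name_part, version):
    """Case-insensitive name match, exact version; require exactly one hit."""
    hits = [e for e in entries
            if name_part.lower() in e.get("DisplayName", "").lower()
            and e.get("DisplayVersion") == version]
    if len(hits) != 1:
        raise LookupError(f"expected 1 matching entry, found {len(hits)}")
    return hits[0]

def silent_uninstall_command(raw):
    """Return an argv list for a quiet MSI uninstall, or raise ValueError."""
    m = MSI_RE.match(clean_value(raw))
    if m is None:
        raise ValueError("not a plain msiexec product-code uninstall string")
    # /I in an UninstallString opens maintenance mode; /x forces removal.
    return ["msiexec.exe", "/x", m.group(1), "/q"]

if __name__ == "__main__":
    entry = find_entry(SAMPLE_ENTRIES, "juniper odyssey access client", "4.60.49455")
    print(silent_uninstall_command(entry["UninstallString"]))
```

Non-MSI uninstallers such as the third sample entry are rejected on purpose, since their silent switch is vendor-specific and has to be looked up per product.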