BarTender 2016 Malware Vulnerability

Jasper Wen

BarTender Content Team


There is a critical malware vulnerability in a specific service release of BarTender 2016 and in certain upgrade paths from BarTender 2016 to BarTender 2019. This vulnerability was identified, and a fix was created, in March of 2020. The fix is available for immediate download and installation.

The only version of the software that contains the flaw is BarTender 2016 Release 3, which was available until June 6, 2017, when it was replaced by Release 4. If this specific version was never installed, your system is not impacted. However, we are unable to tell you whether you ever installed BarTender 2016 Release 3, so in case of doubt we highly recommend that you follow the instructions to update.

Note that a fresh installation of BarTender 2019 does not have this vulnerability, but if an installation of BarTender 2016 was upgraded to BarTender 2019 on the same machine, you may still be affected. BarTender 2019 R7 and newer releases specifically include a patch to fix this problem.

Please follow these instructions to update your software:

  • BarTender 10.1 and earlier: No Action Needed
  • BarTender 2016: Update to the latest BarTender 2016 release (click here)
  • BarTender 2019: If upgraded from BarTender 2016 and currently on 2019 release R1-R6, update to the latest BarTender 2019 release (click here)
  • BarTender 2019 Fresh Install: No Action Needed
  • BarTender 2021 Preview 1 & 2: No Action Needed

Below are some common questions you might have on this critical BarTender update.

What versions of BarTender are affected?

  • Systems running BarTender 2016 on which BarTender 2016 Release 3 was installed at some point.
  • Systems that previously ran BarTender 2016 Release 3 and were then upgraded to BarTender 2019 R6 or an older BarTender 2019 service release.
  • Other versions and service releases of BarTender are NOT affected.

Does this vulnerability affect the BarTender 2016 UltraLite edition?

No, this vulnerability does not affect the UltraLite edition. The code responsible for this vulnerability was not in the UltraLite edition.

How do I know what version of BarTender I'm running?

To identify which edition and release of BarTender you are using, please view this support article here.

How do I update to the latest service release?

To update BarTender 2016 to the latest release, you can find more information here.

To update BarTender 2019 to the latest release, you can find more information here.

I've only installed some components of the BarTender suite, such as the Seagull License Server. Do I need to update as well?

To be safe, we recommend updating all systems (both the client and servers) that are running any component of the BarTender Suite to the latest service release. If you require assistance on how to best update, you can contact support here and we'll be able to further assist you.

I'm running BarTender on a standalone system that is not connected to the Internet, should I still update?

We still highly recommend updating if you're running a version of BarTender that is affected by this vulnerability.

How widespread is this vulnerability?

We have had one confirmed report of this exploit being used by malware. We have responded aggressively out of an abundance of caution.

Does this vulnerability have a CVSS score?

Yes, it has an overall CVSS score of 7.8. The detailed report can be found here.


If you have any questions, please reach out to our support team for assistance by clicking here.
