BarTender 2016 Malware Vulnerability Follow

Avatar
Jasper Wen

There is a critical malware vulnerability in a given service release of BarTender 2016 and certain upgrade paths from BarTender 2016 to BarTender 2019. This vulnerability was identified and a fix was created in March of 2020. This fix is available for immediate download and installation.

The only version of the software that contains the software flaw is BarTender 2016 Release 3, and this was available until June 6, 2017, when it was replaced by Release 4. If this specific version was never installed, your system is not impacted. However, we are unable to tell you if you ever installed BarTender 2016 Release 3, so in case of doubt we highly recommend that you follow the instructions to update.

Note that a fresh installation of BarTender 2019 does not have this vulnerability, but if an installation of BarTender 2016 was upgraded to BarTender 2019 on the same machine, you may still be affected. The releases of BarTender 2019 R7 and newer specifically include a patch to fix this problem.

Please follow these instructions to update your software:

  • BarTender 10.1 and earlier: No Action Needed
  • BarTender 2016: Update to the latest BarTender 2016 release (click here)
  • BarTender 2019: If upgraded from BarTender 2016 and currently on 2019
    release R1-R6, update to the latest BarTender 2019 release (click here)
  • BarTender 2019 Fresh Install: No Action Needed
  • BarTender 2021 Preview 1 & 2: No Action Needed
Below are some common questions you might have on this critical BarTender update.

What versions of BarTender are affected?

  • Systems running BarTender 2016 on which BarTender 2016 Release 3 was installed at some point.
  • Anyone that was previously running BarTender 2016 Release 3 and then updated to BarTender 2019 R6 (and older) service releases of 2019.
  • Other versions and service releases of BarTender are NOT affected.

Does this vulnerability affect the BarTender 2016 UltraLite edition?

No, this vulnerability does not affect the UltraLite edition. The code responsible for this vulnerability was not in the UltraLite edition.

How do I know what version of BarTender I'm running?

To identify which edition and release of BarTender you are using please view this support article here.

How do I update to the latest service release?

To update BarTender 2016 to the latest release, you can find more information here.

To update BarTender 2019 to the latest release, you can find more information here.

I've only installed some components of the BarTender suite, such as the Seagull License Server, do I need to update as well?

To be safe, we recommend updating all systems (both the client and servers) that are running any component of the BarTender Suite to the latest service release. If you require assistance on how to best update, you can contact support here and we'll be able to further assist you.

I'm running BarTender on a standalone system that is not connected to the Internet, should I still update?

We still highly recommend updating if you're running a version of BarTender that is affected by this vulnerability.

How widespread is this vulnerability?

We have had one confirmed report of this exploit being used by malware. We have responded aggressively out of an abundance of caution.

Does this vulnerability have a CVSS score?

Yes, it has an overall CVSS score of 7.8. The detailed report can be found here.

 

If you have any questions, please reach out to our support team to assist you by click here.

13 comments

1
Avatar
Bon Edrison
Comment actions Permalink

Hi, 

Could you please kindly advice for below question regarding this issues.

1. Is it this malware attack for all version Bartender 2016? 

2.Should we deactivate, clean remove and reinstall the latest bartender 2016, existing PCK still valid for latest version Bartender?

3. For bartender 2019 upgrade from bartender 2016, if total remove 2016 and re-install 2019 will this affected too?

Please advice,

Best Regards,

Bon

0
Avatar
Domingo Rodriguez
Moderator
Comment actions Permalink

Hello Bon,

Thanks for your inquiry. 

Find below the answers to your remaining questions:

1. Almost every service release of BarTender 2016 is affected by this vulnerability, except for BarTender v2016 R9. This is why we recommend updating to BarTender 2016 R9 if your intention is to stay with BarTender 2016.

2. No, removing BarTender 2016 is not required. You can update to 2016 R9 without removing the existing BarTender installation. Your existing product key code can be reused to activate BarTender 2016 R9.

If you prefer to update to BarTender 2019 instead, you can also reuse your existing BarTender 2016 product key code as long as you're under a maintenance and support contract.

3. No, you shouldn't be affected by it, but to be on the safe side make sure that you install the latest service release for BarTender 2019, which is R9 currently.

0
Avatar
Chris Sharpe
Comment actions Permalink

Hello,

Does the activation server have the same vulnerability or is this just a client PC vulnerability?

Kind regards,

Chris

0
Avatar
Rich Wells
Comment actions Permalink

Dear Seagull,

There is the 2016 we have on our server for licensing and then there are LOTS of people in our company (probably 40-50) that have 2016 installed on their PCs. I'm assuming I have to update the server version to patch this issue. But what about the PC versions?

Thank you.

Rich

0
Avatar
Andre Dupre
Comment actions Permalink

  1. Do you have a CVSS score / details on the severity? For example, is there a privilege escalation, is it worm-able, etc?
  2. Are there any other details on the malware? Have you seen this actively exploited in the wild?
  3. Are there any steps we can take immediately to try to mitigate the threat? Upgrading, unfortunately, can take quite some time at our company. Depending on the severity of the vulnerability we may be able to push to do it faster or deploy a mitigation/workaround.

Thank you

0
Avatar
Jon Raines
Comment actions Permalink

Hi,

A few more questions.  

1) Will you be releasing more technical details on the vulnerability?   It's just a generic claim of being vulnerable (since March..) with no explanation of how the attack is possible.  Perhaps our setup isn't vulnerable...?

2) Is a server reboot required?   IE - do we have to uninstall Bartender (I'm on 2016 R7), reboot, reinstall, etc.   Or just stop Bartender Integration services?

Regards,

Jon 

0
Avatar
Kenny Rabickow
Comment actions Permalink

Hello,

Are you able to provide more information as to what is affected by the vulnerability and how it is being exploited so we know what needs to be updated (servers and/or clients) and how we should prioritize the updates?

Also, is the "UltraLite" edition of BarTender 2016 affected by the vulnerability?

Thanks,

Kenny

0
Avatar
Chan Siew Wei
Comment actions Permalink

Dear Seagull, 

There are few questions we would like to know before we perform upgrade to BarTender 2019.

Currently we are using Bar Tender 2016 R2 , version 11.0.2.3056 (64 bit) , OS: Windows Server 2012 R2 Standard [x64]

1) How long does the system upgrade it takes ?

2) During system upgrade, does it required downtime ?

3) After system upgrade, does it required any setup  configuration ?

4) After system upgrade, is the existing configuration will be change ?

 

Please advice.

 

Thanks & regards,

Siew Wei

0
Avatar
James Lenane
Moderator
Comment actions Permalink

Hi All,

To answer some of the questions raised already:

  • We are currently not advertising the nature of the new malware threat in an effort to prevent bad actors from exploiting this vulnerability.
    Our intent is to provide our customers more time to update and protect their systems from this attack.
  • To be on the safe side, we recommend updating both the client and server sides to the latest service release.

  • If your BarTender installation falls into one of these categories then you're affected and it is highly recommended that you perform the update:

    • You are running BarTender 2016 R1 to R8 → Update to BarTender 2016 R9.
    • You have upgraded from BarTender 2016 to BarTender 2019 R1 to R6 → Update to BarTender 2019 R9.
0
Avatar
James Lenane
Moderator
Comment actions Permalink

Hi Jon,

You do not need to uninstall BarTender, you can just apply the update with our installer for the latest revision. A reboot should not be required.

We have some more information on updating your service release in this article.

0
Avatar
James Lenane
Moderator
Comment actions Permalink

Hi Siew Wei,

I'm going to create a ticket to get back to you directly as your method of upgrading from BarTender 2016 to BarTender 2019 will depend on your license.

In my post above I mention if you're on BarTender 2016 R1 to R8 you only need to update to R9, which will involve mimium disruption.

 

For anyone with doubts, please reach out to our support team by clicking here.

0
Avatar
Eric Myers
Moderator
Comment actions Permalink

Hello Andre

To answer further questions you have asked:

At this time we can report the issue has been qualified with a CVSS score of 7.8. You can find more information on CVSS the NIST information page.

We are unable to provide any further information about the exploit. We don't want to give bad actors in the world any information that could affect customers that have not had the opportunity to update to the R9 release of BarTender 2016 or the R9 release of BarTender 2019.

We recommend updating to the latest releases of BarTender 2016 (R9) and BarTender 2019 (R9). It will protect against the reported issue. You can find more information about the exploit and further answers to your questions by checking out the BarTender 2016 Malware Vulnerability  information page

0
Avatar
Todd Howard
Comment actions Permalink

Hello,

  We have Bartender 2016 R8 installed on a Server and our clients connect to the database on that server.  Can I go ahead and upgrade our Server to R9 and then schedule time to upgrade the clients that access it in the days afterward? 

Thanks,

Todd

Please sign in to leave a comment.