NOTE There was a previous issue where the update below failed to install for App-V 4.6 SP3. This problem has been fixed. The KB article and associated files have been updated and republished.
A new hotfix is now available that fixes vulnerabilities in the Detours Library that is used by Microsoft Application Virtualization (App-V). The following versions are affected:
- App-V 5.1
- App-V 5.0 Service Pack 3 (SP3)
- App-V 4.6 SP3
- App-V 4.5 SP2
This vulnerability could allow an attacker to bypass Address Space Layout Randomization (ASLR) and therefore bypass a product’s “hooks” by calling directly to the code stub. An attacker could install replacement code stubs that could view, create, change, or delete data.
For complete details on this update, including download and installation instructions, please see the following:
3172672 – Detours Library fix for Microsoft Application Virtualization (https://support.microsoft.com/en-us/kb/3172672)
J.C. Hornbeck, Solution Asset PM
Microsoft Enterprise Cloud Group