I had intended to get this posting out earlier when I updated Unofficial Updater 2 on the 16th. Here are the changes that were made with the latest release UU2.
- Now works with all releases of ColdFusion 9. (9.0.0, 9.0.1, and 9.0.2)
- Applies APSB13-03
- New website to download http://www.uu-2.info, since github ended support for uploads
APSA13-01 does note that ColdFusion 8 and earlier is susceptible to the attack that APSB13-03 fixes. Based upon the security advisory it does not seem that Adobe will be providing a patch for ColdFusion 8 since core support for ColdFusion 8 ended last year. For ColdFusion 8 and earlier please make sure you properly secure the CFIDE directory and other mitigations steps noted in the security advisory.
I have also published an updated set of hashesets that can be used with hashdeep at https://github.com/dcepler/cfide-integrity to check the validity of CFIDE after applying APSB13-03. For details please see my previous post.
#1 by Ian Winter - January 24, 2013 at 9:05 AM
#2 by David Epler - January 24, 2013 at 2:48 PM
http://www.dcepler.net/post.cfm/more-updates-to-unofficial-updater-2
Specifically the section, Process Termination and Automated Command Line Installs.