This article was originally published on April 03, 2020
WHAT’S NEW
This is to inform you of an important Windows security patch for EDB Migration Toolkit 53.0.1.
Windows security patch update:
This is a security patch for a vulnerability involving Window Installer.
Windows Installer creates a new process for icacls.exe/cscript.exe/cmd.exe/net.exe without specifying an absolute file path. If malicious executable files were renamed as the installer executable files and are saved in the same directory with the installer, then the malicious executable files were executed on Windows by default, as the executables are first searched into the current directory.
The patch prevents the MTK installer and the scripts to execute the cmd.exe and cscript.exe from the installer directory. Instead, the files are executed from the system path on Windows.
IS THIS FOR ME?
This announcement is for EDB customers who are using, or are interested in, EDB Postgres Migration Toolkit 53.0.1 on supported Windows Operating System and have a subscription for:
-
EDB Postgres Standard
-
EDB Postgres Enterprise
-
EDB Postgres Developer
HOW TO GET THE SOFTWARE
You can use an RPM package or StackBuilder Plus to install Migration Toolkit. StackBuilder Plus is distributed with both Advanced Server and PostgreSQL one-click installer, available at EnterpriseDB.
Before installing Migration Toolkit, you must first install Java (version 1.7.0). Free downloads of Java installers and installation instructions are available at: http://www.java.com/en/download/index.jsp
-
RPM package: For more information on installing MTK through RPMs, see Using an RPM Package to Install Migration Toolkit.
-
StackBuilder Plus
Perform the following steps to update your Migration Toolkit for Postgres Plus Advanced Server. It is recommended that you back up your files before performing the upgrade.
1. Right-click on the System tray icon (PostgreSQL Elephant) and select Install Components. StackBuilder Plus will start and the available updates are displayed in bold in the component selection screen.
OR
Run StackBuilder Plus directly from the Application menu. The update will automatically be selected and displayed in bold.
2. Expand the Add-ons, tools and utilities node of the tree control, and check the box next to EnterpriseDB Migration Toolkit.
3. Click Next to continue.
4. Click Next and select the download directory (where the update will be downloaded).
5. The installation program will start once the download is complete.
Note: The data directory will not be affected by this upgrade.
For more information, see the EDB Postgres Migration Toolkit Guide:
HOW TO RESTORE TO ORIGINAL VERSION
In order to restore to the previous version, run the previous version installer. This will restore the migration toolkit to the previously installed version.TROUBLESHOOTING
If you experience any problems installing the new software please contact Technical Support at:
Email: support@enterprisedb.com
Phone: US: +1-732-331-1320 or 1-800-235-5891
UK: +44-2033719820
Brazil: +55-2139581371
India: +91-20-66449612