NoMachine Support

Your questions answered

Knowledge Base

Searching in: Software Updates
Filter the search results
Released on:
Searching in: Software Updates
ID: SU02P00194
Released on:  2018-02-20
Last update: 2018-02-23
Vulnerability in OSS nxfuse component (version 5)

Luxembourg, February 20th, 2018

NoMachine makes available a patch to fix a vulnerability affecting computers with Windows 7 installed. A local Windows user can gain elevated privileges through the nxfuse component. Nxfuse, based on the Dokan library v. 0.6.0, is an Open Source Software (OSS) component shipped in all NoMachine software packages.

This problem was reported on Windows 7 32-bit architecture and affects both NoMachine servers and clients. Customers with version 5 packages installed on all Windows operating systems are invited to download and install this update, 5.3.26.

NoMachine has also made the nxfuse source code available here:

https://www.nomachine.com/opensource.

The security advisory for customers using version 6 is available here:

https://www.nomachine.com/SU02P00195.

This release fixes the following Trouble Report:

TR02P08408 - Possible escalation of local user's privileges on Windows 7 (32bit)

 

Supported Platforms

Windows 32-bit/64-bit XP/Vista/7/8/8.1/10

 

Important Notice

The procedure of downloading and installing the 'Update Version' of packages is now obsolete. Customers will find a package labeled 'Production Version' which can be used for both new installations and updates of existing installations.

For more information on updating version 5 software, please consult the article:

www.nomachine.com/AR11O00945.

 

Download NoMachine Packages

Manual packages of version 5.3.26 are available for customers with a valid subscription v. 5. You can download the latest "Production version" package suitable for your Operating System from your customer area.


Automatic updates

The automatic check for updates is scheduled to check our repositories every two days.

To update any of the NoMachine servers immediately:

- Run the NoMachine GUI from your Programs Menu.

- Click on 'Settings', then on the 'Server preferences' and finally on 'Updates'.

- Then click on the 'Check now' button.

To update the NoMachine Enterprise Client immediately:

- Click on 'Settings' and 'Updates'.

- Then click on the 'Check now' button.

More information about the check for automatic updates is available here:

https://www.nomachine.com/AR05M00847


Manual package update

Please follow the instructions to update your installation manually:

On Windows:

- Download and save the EXE file.
- Double click on the NoMachine executable file.
- As for the installation, the Setup Wizard will take you through all steps necessary for updating NoMachine.

 

Documents

Installation and configuration guides for the NoMachine products are available at:

https://www.nomachine.com/documents

 

The NoMachine Security Team