Note: The contents of this Security Update is included in Service Release 4 (SR4). If you have already installed SR4 you do not need to install this Security Update. If you have not yet installed SR4, you should consider installing this Security Update at your earliest convenience.

Any references to Community Connect 3 in this document apply equally to RM Smart-Tools 3.

It is possible for standard users to access a hidden workstation partition, from which they are able to read a plain text file containing the Setup user's password. The file is created during the workstation build process. This password is the same for the local Administrator account on Community Connect 3 workstations and thereby will give a malicious user administrative rights to the workstations as well as enhanced access rights across the network.

NOTE: If you have applied HFXCC3028 to your network AND rebuilt ALL your workstations you will already be fully protected, but you should still apply this new Security Update HFXCC3043 as soon as possible.

If you have not yet installed SR4, apply this Security Update immediately.

Apply HFXCC3043 to your network following the installation instructions below. We strongly recommend you install the Security Update as soon as possible.

You should apply this Security Update as soon as possible if you are running a Community Connect 3 network.

HFXCC3043 should be applied to all Community Connect 3 domain controllers on your network.  It does not need to be applied to Community Connect 3 workstations directly but you will need to restart workstations for the Security Update to be installed.

1.      Select the HFXCC3043.exe file to download.

2.      Choose to Save the file, browse to the location you wish to save it to and click OK.

3.      When it has downloaded follow the installation instructions below to install the Security Update on each Community Connect 3 server.

NOTE: If you previously started to install the Security Update but cancelled the operation, follow the installation instructions in the 'Installing after cancelling a previous install' section below

1.      Download HFXCC3043.

2.      Log on to your first Community Connect 3 domain controller as Administrator (not SystemAdmin) and copy the Security Update to a temporary location (e.g. D:\temp).

3.      Run the Security Update by double-clicking the self-extracting executable file (HFXCC3043.exe).  The Security Update will extract files automatically (to D:\RMNetwork\RMmanage\RM Hotfixes\HFXCC3043_extracted) and run the RM Installation Assistant to begin the installation.

4.      When prompted, click Continue. The installation will proceed automatically and may take several minutes to complete. When prompted that the RM Installation Assistant has finished, click Finish.

5.      Repeat steps 2-4 at each of your other Community Connect 3 domain controllers.  HFXCC3043 does not need to be run on Community Connect 3 Member Servers or DAMMS servers.

6.      Restart your Community Connect 3 workstations for the Security Update to be installed fully.

1.      Log on to your first Community Connect 3 domain controller as Administrator (not SystemAdmin).

2.      Browse to D:\RMNetwork\RMManage\RM Hotfixes\HFXCC3043_extracted and double-click the file RM Installation Assistant.exe. (If this folder or its contents does not exist, re-run the HFXCC3043.exe file downloaded from the RM Support website).

3.      Follow the procedures in 'How to install the Security Update' from step 4 above.

HFXCC3043 is included in Service Release 4.

The Security Update can be installed onto networks running Community Connect 3 with Service Release 2 or Service Release 3.

This Security Update will not need to be re-applied after installing Community Connect 3 Service Release 2 or 3.

In order to protect your network more fully, consider taking the following actions:

1. Change the Setup user's password to a difficult-to-remember, alphanumeric string.
2. Apply HFXCC3028 (if you have not done so already) and recreate your workstation build disk(s).
3. Disable the Setup user account in the domain when you are not building workstations.