Windows Installer Provider Security
Installer Provider allows remote installation of a user
specified Installer Package or a Microsoft Windows Installer
package file. Improper or unauthorized use of this provider could
result in remote execution of code, leaking of high privileged
credentials, compromise or damage to the remote or local server.
MPF Developers and Administrators should take special care when
using or exposing this API through higher level namespaces or user
interfaces. Here are a few key considerations:
Both the Install and Uninstall methods accept the following
parameters installedServer, msiInstallHelper,
msiPackage. Each of these input parameters must be
installedServer should be sourced from a known
installedServer should never be based directly on user
both msiInstallHelper and msiPackage should be
sourced from a list of known good values and should never be based
directly on user input.
all MSIs in the list of known good MSI's should be stored in a
secure location, tested and checked for malicious code
Firewall rules should be configured such that the MPF Engine
servers can only establish RPC connections to a list of known valid
Both the Install and Uninstall methods accept a userName
and userPassword. These are presumably high privileged
credentials in that they have the right to install applications.
You should take the following precautions:
Credentials should be Stored in a secure and encrypted
A strong password policy should be in force
Password should be changed regularly
Should not be a well known account such as "administrator"