June 3, 2025 – SolarWinds Worldwide, LLC has announced the release of Dameware 12.3.2, a critical service update focused on bug fixes, security enhancements, and library upgrades.
The release, dated June 2, 2025, addresses several technical issues reported by users and security researchers, further strengthening the reliability and safety of Dameware remote support solutions.
Security Fixes and CVE Disclosure
A highlight of Dameware 12.3.2 is the resolution of a significant security vulnerability, identified as CVE-2025-26396.
This vulnerability, classified as a Local Privilege Escalation (LPE) issue, was discovered in the Dameware Mini Remote Control Service due to incorrect permissions.
Exploitation of this flaw could allow a local attacker with a low-privilege account to elevate their privileges on the affected system.
SolarWinds credited Alexander Pudwill, in collaboration with Trend Micro Zero Day Initiative, for responsibly reporting the issue.
The vulnerability was assigned a CVSS v3.1 base score of 7.8 (High), reflecting its potential impact if left unpatched.
CVE Table:
| CVE-ID | Vulnerability Title | Severity | Credit |
|---|---|---|---|
| CVE-2025-26396 | Mini Remote Control Service Incorrect Permissions LPE | 7.8 High | Alexander Pudwill, Trend Micro ZDI |
Administrators are urged to update to 12.3.2 promptly to mitigate this risk.
Key Bug Fixes and Technical Enhancements
Dameware 12.3.2 addresses several technical issues that enhance the stability and functionality of the platform, particularly in multi-server and proxy environments. Notable bug fixes include:
- 2-Server Setup CA Certificate Download: The update resolves an issue where users in a two-server configuration were previously unable to download the Certificate Authority (CA) certificate, improving deployment flexibility.
- Proxy Certificate Updates: The proxy certificate now correctly updates when a machine’s IP address changes, ensuring uninterrupted secure communications.
- Session Stability: Remote sessions no longer disconnect when the internet proxy IP is changed to a hostname, supporting smoother transitions in dynamic network environments.
Bug Fix Table:
| Case Number | Description |
|---|---|
| N/A | 2-server setup now allows download of CA certificate |
| N/A | Proxy certificate updates after machine’s IP address changes |
| N/A | Sessions no longer disconnect when changing proxy IP to hostname |
These fixes are critical for organizations that rely on Dameware for secure, continuous remote access and support.
Library Upgrades and General Improvements
In addition to security and bug fixes, Dameware 12.3.2 introduces several library and dependency upgrades to enhance performance, compatibility, and security.
The following components were updated:
- CodeJock Xtreme Toolkit Pro library
- zlib library
- Chilkat API library
- .NET dependencies
These upgrades ensure Dameware remains compatible with the latest operating systems and third-party integrations, while also benefiting from upstream security and performance improvements.
Sample .NET Upgrade Code:
xml
SolarWinds recommends all customers review the Dameware 12.3.1 Release Notes for information on end-of-life (EOL) notices and upgrade procedures.
Dameware 12.3.2 is a vital update for all users, delivering essential security and stability improvements.
Organizations are encouraged to upgrade immediately to benefit from the latest protections and technical enhancements, ensuring uninterrupted and secure remote support operations.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
Source link
