Hi guys,
The vulnerability exists in the Bonjour installer that gets installed on Windows machines along with the iTunes and iCloud for Windows apps.
This vulnerability in the Bonjour installer is an 'unquoted service path' vulnerability, and it can be exploited by planting a malicious executable file in the parent path. Further, this exploit's chain of process execution goes undetected by anti-virus solutions, as Bonjour has a legitimate process signed by a known vendor.
So patch this vulnerability right away using Desktop Central by searching for and applying the following patch IDs.

iTunes 12.10.1 for Windows:

PatchID : 311174
Bulletin ID : TU-012
Patch Description : Apple iTunes (12.10.1.4)

PatchID : 311175
Bulletin ID : TU-012
Patch Description : Apple iTunes (X64) (12.10.1.4)

iCloud for Windows 7.14:

PatchID : 311176
Bulletin ID : TU-132
Patch Description : iCloud (7.14.0.29)

Note: Uninstalling iTunes and iCloud for Windows will not remove the Bonjour installer, as it gets downloaded as a separate program in the system. So for users who previously used iTunes and iCloud for Windows, the Bonjour installer is probably still running silently in the background and is vulnerable to exploitation.
Hence, to quickly uninstall this program, you can use Desktop Central. Navigate to Inventory --> Software and search for Bonjour. If you have it on your endpoints, it will show up in the search, after which you can delete it by clicking on the 'Trash' icon next to it.
Cheers
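
To confirm which endpoints still carry a service with an unquoted path (Bonjour or any other), the following audit script can be run locally. It is an added example, not part of the original post and not a Desktop Central feature; the function name `Test-UnquotedServicePath` and the sample paths are constructed for illustration.

```powershell
# Added example: report Windows services whose executable path is unquoted
# and contains a space, the condition behind an 'unquoted service path' issue.
# Test-UnquotedServicePath is a hypothetical helper name, not a built-in cmdlet.
function Test-UnquotedServicePath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that starts with a double quote is already delimited correctly.
    if ($p.StartsWith('"')) { return $false }

    # Executable portion: everything up to and including the first ".exe".
    # Anything after it is treated as service arguments and ignored.
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }

    # Only a space inside the executable portion makes the path ambiguous.
    return $m.Groups[1].Value.Contains(' ')
}

# Constructed sample command lines (not taken from a real host).
$samples = @(
    'C:\Program Files\Example Vendor\svc.exe',        # unquoted + space -> flagged
    '"C:\Program Files\Example Vendor\svc.exe" -run', # quoted           -> ok
    'C:\Windows\system32\svchost.exe -k netsvcs'      # space only in args -> ok
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f (Test-UnquotedServicePath $s), $s
}

# Live audit of the local machine: every service that matches the condition,
# with the account it runs as, so SYSTEM-level services can be prioritised.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-UnquotedServicePath $_.PathName } |
    Select-Object Name, DisplayName, StartName, StartMode, PathName |
    Sort-Object Name |
    Format-Table -AutoSize -Wrap
```

An empty result from the live audit after patching or uninstalling means no service on that machine still has an unquoted path containing a space.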