J003-Content-QuickTime-no-longer-safe_SQApple’s QuickTime has been around for some time. It was installed together with iTunes, it was needed to service your iDevices and organise your music and movies. At this moment, iTunes (version 10.5 onwards) and other Apple software no longer need a QuickTime installation, which made it obsolete for Apple to maintain the software. Last week, the Department of Homeland Security recommended Windows users to uninstall QuickTime because of potential security holes.

Two advisories have been posted about zero-day exploits since: ZDI-16-241 and ZDI-16-242. According to the writers behind the Zero Day Initiative, these advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy, in case vendors do not release security updates.

There are no reported attacks or breaches via these vulnerabilities yet, but both vulnerabilities talk about the execution of arbitrary code when an affected machine is visiting a page with malicious code on it. As with every vulnerability that is out there, it is not a matter of if it will be exploited, but when. Apple will not patch this vulnerability so the advice from security experts is to uninstall the software completely. From a single Windows computer point of view, it is simply a matter of going to the Control Panel and, just as any other program, uninstall QuickTime 7 from the list of installed software. You can find information on how to uninstall Apple QuickTime for Windows from the Apple website here: https://support.apple.com/HT205771

The challenge starts to get tougher when you need to uninstall QuickTime from all the machines in your network. When software is installed on every (or many) machines within a network, it could be a difficult task to do the same process over and over again for each machine within your reach.

This is where a solution like GFI LanGuard (the network security solution with vulnerability assessment and patch management) can help out. When all machines have been scanned with GFI LanGuard, the inventory of software is known. With the next scan, it is possible to start a remediation-round that also uninstalls QuickTime 7. Here’s a quick step by step guide and How To video to guide you through this process, and if you still don’t have a copy of GFI LanGuard, you can get your free 30-day trial by clicking here.

  • First, you’ll need to run a Software Audit, if this was not done yet. QuickTime 7 typically can be found under Network & Software Audit | Software | General Applications.
  • Now in Configuration, go to Application Inventory and lookup QuickTime7. Right click on the entry and select Configure selected. A wizard will guide you through the process.
  • Next, select the scan-profiles under which the application will be marked as High Security Vulnerability. This can be either of the options given. The next step will show which applications are affected by the removal of QuickTime 7. Simply click Finish and this step is done.
  • QuickTime should now be in the list of Application Auto-Uninstall Validations and needs to be validated for removal. Right click on the entry and select Validate. This process will select one of the machines in the database to start a test-uninstall from.
  • You will then be asked for Authentication. In most cases where GFI LanGuard is already up and running, choose the account that was designed for this, and check the box for the ‘per computer credentials’.
  • The next process will monitor the uninstall of QuickTime 7 on the given machine and report back the successful uninstall of the software. It will be confirmed with a dialog-screen claiming that the application QuickTime 7 is ready for auto-uninstall.
  • When this application needs to be uninstalled automatically, it is mandatory to have a scheduled scan set up. If this was not done already, one can be added via Configuration, Scheduled Scans. Right click in the right pane and select New scheduled scan. A wizard will then guide you through the process.
  • It’s now time to select which computers should be subjected to this scan, and don’t forget to also name the job (for example Uninstall QuickTime 7).
    The next step will ask you for the Profile that needs to be taken with the scan. If you only needed to uninstall this application, a short scan like Network & Software audit | Software Audit will do just fine.
  • The next step will ask for credentials under which this scan will run. This will be the same as with all other scans. Next you will be asked about what GFI LanGuard should do when computers are not online or what needs to be done after the scan has been done.
  • In the following step you will need to check the Uninstall unauthorized applications option, and then continue to the next step where it is possible to receive reports via e-mail about the result.
  • Finally finish the last step where you can Enable the scan (by default, this is not enabled).
  • After this scheduled scan has executed, the report is in the e-mail, where the PDF will show which machines have had the software uninstalled.

Congratulations, your network is now free of the QuickTime software and less vulnerable to exploits.