- When upgrading Installer Service client to 8.0Rx, you will see both the previous version and the new version listed under the 'Installed Programs' category. This is caused by a registry cleanup issue.
- When upgrading Installer Service client from 7.1Rx to 8.0Rx, you will be prompted for administrator credentials.
This was fixed in 8.0R7 and later. The Release Notes (https://www.pulsesecure.net/download/techpubs/current/16) document the fix as: PRS-318013, PRS-317942 - JIS: Self upgrade results in UAC prompt for admin credentials
Upgrading from 7.1 or 7.4 to 8.0R7 or later will therefore not encounter the issue described in this article.
Q: What clients are impacted by this vulnerability?
A: Only Windows machines that are running an affected version of Pulse Secure Desktop Client or Installer Service client as stated in the Problem or Goal section (above).
Q: How do I upgrade Pulse Secure Desktop Client to resolve this vulnerability?
A: You can distribute the Pulse Secure Desktop Client either by web deployment through the PCS/MAG PCS device or by using a software management system to deploy the Pulse Secure Desktop Client MSI file. For more information on deploying the Pulse Secure Desktop Client MSI file, refer to the section 'Installing the Junos Pulse client on Windows Endpoint using a Preconfiguration File' in the relevant Pulse Client Desktop Administration Guide in the Techpubs section.
Q: Can I install Pulse Secure Desktop Client 5.0R1 and above to resolve this issue?
A: Yes, the vulnerability is fixed in Pulse Secure Desktop Client 5.0R1 and above.
The Pulse Secure Desktop Client can be downloaded from the Software Download section of the Pulse Secure Support site.
Q: How do I find the version of Installer Service client running on my machine?
A: Version information is stated in the versionInfo.ini file located in C:\Program Files\Juniper Networks\Installer Service\
In this example, the version would be 8.0R4. The first two digits are the major release (8.0). The third digit is the minor release (R4).
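The version check described above, as an added example that is not Pulse Secure's own code: it reads the text of a versionInfo.ini file, derives the release name (first two digits as the major release, third digit as the R number) and compares it with the Installer Service fix release this article gives (7.4R6 and above). Assumptions: the file holds a dotted version such as 8.0.4.<build> or a release string such as 8.0R4, the section and key names in the sample are hypothetical, and the affected-version list in the Problem or Goal section remains the authoritative reference.

```python
import re

# Fix release this article states for Installer Service (JIS): 7.4R6 and above.
JIS_FIXED = (7, 4, 6)

# Assumption: the version appears either as "8.0R4" or as a dotted string
# "8.0.4.<build>". No key name is relied on, because the article's sample
# file is not reproduced on the page.
RELEASE = re.compile(r"(?<![\w.])(\d+)\.(\d+)R(\d+)")
DOTTED = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?![\d.])")

# Constructed sample; the section and key names are hypothetical.
SAMPLE = "[Installer Service]\nDisplayVersion=8.0.4.31069\n"


def parse_version(ini_text):
    """Return (major, minor, release) found in versionInfo.ini text, or None."""
    for line in ini_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and section headers.
        if not line or line.startswith((";", "#", "[")):
            continue
        value = line.split("=", 1)[-1]
        match = RELEASE.search(value) or DOTTED.search(value)
        if match:
            return tuple(int(g) for g in match.groups())
    return None


def release_name(version):
    """Format (8, 0, 4) as '8.0R4', the naming used in the article."""
    return f"{version[0]}.{version[1]}R{version[2]}"


def assess(ini_text, fixed=JIS_FIXED):
    """Return (status, release_name) for one endpoint's versionInfo.ini."""
    version = parse_version(ini_text)
    if version is None:
        return ("unknown", None)  # do not treat an unreadable file as fixed
    status = "fixed" if version >= fixed else "upgrade-or-uninstall"
    return (status, release_name(version))


if __name__ == "__main__":
    print(assess(SAMPLE))
```

An "unknown" result should be handled as not yet verified rather than as fixed, since the file may be missing or in a different layout on that endpoint.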
Q: Can the PCS/MAG PCS device auto-upgrade Installer Service client? How do I upgrade Installer Service client?
A: No, Installer Service (either EXE or MSI) must be pushed by a software management system, like SMS/SMC, or a manual process.
Q: I do not use Installer Service anymore. Can I uninstall Installer Service to fix the vulnerability instead of upgrading?
A: Yes. If you do not use Installer Service anymore, you may uninstall it to avoid the vulnerability.
Q: Do I need to upgrade both Installer Service client and Pulse Secure Desktop client to fix the vulnerability?
A: If you have both Installer Service client and Pulse Secure Desktop Client installed on your machine, both clients must be upgraded to fix the vulnerability. If you only have Installer Service client installed, you only need to upgrade the Installer Service client. If you only have Pulse Secure Desktop Client installed, you only need to upgrade the Pulse Secure Desktop Client.
Q: Do I need to upgrade the software on the PCS/PCS MAG device?
A: No, you do not need to upgrade the software on the PCS/MAG PCS device. This is a client-side issue for Installer Service and the Pulse Secure Desktop Client. The solution is to upgrade your clients. For Installer Service, the vulnerability is fixed in JIS 7.4R6 and above. Installer Service is forward and backward compatible with all PCS software versions above the 6.5 releases.