Remove the 'change' button from "Programs and Features" because it does not checks if a user is an admin or not. The installer has no components to choose from and always installs everything. So the 'change' button is not obviously needed but can create a security issue.
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 fixes: CVE-2023-0664 (part 1 of 2) Signed-off-by: Konstantin Kostiuk <kkost...@redhat.com> Reviewed-by: Yan Vugenfirer <yvuge...@redhat.com> Reported-by: Brian Wiltse <brian.wil...@live.com> --- qga/installer/qemu-ga.wxs | 1 + 1 file changed, 1 insertion(+) diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs index 51340f7ecc..feb629ec47 100644 --- a/qga/installer/qemu-ga.wxs +++ b/qga/installer/qemu-ga.wxs @@ -31,6 +31,7 @@ /> <Media Id="1" Cabinet="qemu_ga.$(var.QEMU_GA_VERSION).cab" EmbedCab="yes" /> <Property Id="WHSLogo">1</Property> + <Property Id="ARPNOMODIFY" Value="yes" Secure="yes" /> <MajorUpgrade DowngradeErrorMessage="Error: A newer version of QEMU guest agent is already installed." /> -- 2.25.1