Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB3071088
HistoryApr 13, 2020 - 12:00 a.m.

MS15-086: Security update for Update Rollup 10 for System Center 2012 Operations Manager Service Pack 1: August 11, 2015

2020-04-1300:00:00
Microsoft
support.microsoft.com
55

6.5 Medium

AI Score

Confidence

High

JSON

MS15-086: Security update for Update Rollup 10 for System Center 2012 Operations Manager Service Pack 1: August 11, 2015

Introduction

This article describes the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 Operations Manager Service Pack 1 (SP1). Additionally, this article contains the installation instructions for Update Rollup 10 for System Center 2012 Operations Manager SP1.

Issues that are fixed in this update rollup

Operations Manager

  • The home page link on the Web Console noscript.aspx file is vulnerable to cross-site scripting (XSS)

A security vulnerability exists in the Web Console for System Center 2012 Operations Manager SP1 that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. This fix resolves that vulnerability. For more information, see Microsoft Security Bulletin MS15-086.

  • CLR load order change

The current behavior for agents is to choose a CLR version based on the operating system version. For Windows Server 2012 and newer, the .NET Framework 4.0 is loaded. For operating systems older than Windows Server 2012, the .NET Framework 2.0 family is loaded. On management servers, the .NET Framework 2.0 family is loaded. This basically maps the .NET Framework version used to the version available out-of-box on the server. The problem with the current behavior is that even if the Management Pack author knows that .NET Framework 4.0 is present on the system it cannot be used.

In the new behavior, the agent loads the .NET Framework 4.0 if it is available else it falls back to the .NET Framework 2.0.

  • p_GroomTypeSpecificLogTables does not groom all MT_*Log tables

In a database, the grooming of certain MT$X$Y tables was missed because of the filtering logic. Therefore, the tables were never groomed. There were scenarios in which large amounts of unwanted data were stored in these tables. This issue is now fixed, and data from these tables will be groomed. This in turn will provide for performance gains because there will be less data to query from.

  • Branding update

Updates the “Operational Insights” name to “Operations Management Suite” in the System Center Operations Management console.

How to obtain and install Update Rollup 10 for System Center 2012 Operations Manager SP1

Download information

Update packages for Operations Manager are available from Microsoft Update or by manual download.

Microsoft Update

To obtain and install an update package from Microsoft Update, follow these steps on a computer that has an Operations Manager component installed:

  1. Click Start, and then click Control Panel.
  2. In Control Panel, double-click Windows Update.
  3. In the Windows Update window, click Check Online for updates from Microsoft Update.
  4. Click Important updates are available.
  5. Select the Update Rollup package, and then click OK.
  6. Click Install updates to install the update package.
Manual download of the update packages

Go to the following website to manually download the update packages from the Microsoft Update Catalog:

DownloadDownload the Operations Manager update package now.

__

Installation instructions

Installation notes

  • This update rollup package is available from Microsoft Update in the following languages:

    • Chinese Simplified (CHS)
    • Japanese (JPN)
    • French (FRA)
    • German (DEU)
    • Russian (RUS)
    • Italian (ITA)
    • Spanish (ESN)
    • Portuguese (Brazil) (PTB)
    • Chinese Traditional (CHT)
    • Korean (KOR)
    • Czech (CSY)
    • Dutch (NLD)
    • Polish (POL)
    • Portuguese (Portugal) (PTG)
    • Swedish (SWE)
    • Turkish (TUR)
    • Hungarian (HUN)
    • English (ENU)
    • Chinese Hong Kong (HK)

  • Some components are Multilanguage, and the updates for these components are not localized.

  • You must run this update rollup as an administrator.

  • If you do not want to restart the computer after you apply the console update, close the console before you apply the update for the console role.

  • To start a new instance of Microsoft Silverlight, clear the browser cache in Silverlight, and then restart Silverlight.

  • Do not install this update rollup package immediately after you install the System Center 2012 SP1 server. Otherwise, the Health Service state may not be initialized.

  • If User Account Control is enabled, run the .msp update files from an elevated command prompt.

  • You must have System Administrator rights on the database instances for the Operational Database and Data warehouse to apply updates to these databases.

After you install the web console fixes, add the following line to the %windir%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config file:

<machineKey validationKey=“AutoGenerate,IsolateApps” decryptionKey=“AutoGenerate,IsolateApps” validation=“3DES” decryption=“3DES”/>

Note Add the line under the <system.web> section, as described in the following article in the Microsoft Knowledge Base:

911722 You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0

  • The fix for the data warehouse BULK insert commands time-out issue that is described in Update Rollup 5 for System Center 2012 Operations Manager Service Pack 1 adds a registry key. This key can be used to set the time-out value (in seconds) for the data warehouse BULK insert commands. These are the commands that insert new data into the data warehouse.

Note This key must be manually added on any management server on which you want to override the default BULK insert command time-out.

Registry location:HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Manager\3.0\Data Warehouse

DWORD name: Bulk Insert Command Timeout Seconds
DWORD Value:nn

Note The placeholder nn represents a value in seconds. For example, set the value data to 40 for a 40-second time-out.

Supported installation orderWe recommend that you install this update rollup package by following these steps in the given order:

  1. Install the update rollup package on the following server infrastructure:
    * Management server or servers
    * Gateway servers
    * Web console server role computers
    * Operations console role computers

  2. Apply SQL scripts (see installation information).

  3. Manually import the management packs.

  4. Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.

Operations Manager updateTo download the update rollup package and extract the files that are contained in the update rollup package, follow these steps:

  1. Download the update packages that Microsoft Update provides for each computer. Microsoft Update provides the appropriate updates according to the components that are installed on each computer.
  2. Apply the appropriate MSP files on each computer.

Note MSP files are included in the update rollup package. Apply all MSP files that relate to a specific computer. For example, if the web console and console roles are installed on a management server, apply the MSP files on the management server. Apply one MSP file on a server for each specific role that the server holds.

  1. Execute the following Datawarehouse SQL script on Datawarehouse Server against OperationsManagerDW database:

UR_Datawarehouse.sql

Note This script is located in the following path:

%SystemDrive%\Program Files\System Center 2012 SP1\Operations Manager\Server\SQL Script for Update Rollups

  1. Execute the following Database SQL script on the Database server against the OperationsManagerDB database:

Update_rollup_mom_db.sql

  1. Import the following management packs:
    * Microsoft.SystemCenter.TFSWISynchronization.mpb. This has the following dependency:
    • Microsoft.SystemCenter.AlertAttachment.mpb. This should be installed from the System Center Operations Manager 2012 R2 media.
    • Microsoft.SystemCenter.Visualization.Library.mpb
* Microsoft.SystemCenter.IntelliTraceProfiling.mpb, which has the following dependencies:
  * Microsoft.SystemCenter.IntelliTraceCollectorInstallation.mpb

Note Install this file from the System Center Operations Manager (SCOM) 2012 SP1 Media.

  * Microsoft.Windows.InternetInformatonServices.Common.mpb

Note Install this file from the online catalog.

* Microsoft.SystemCenter.Visualization.Component.Library.mpb
* Microsoft.SystemCenter.Visualization.Library.mpb
* Microsoft.SystemCenter.Advisor.mpb
* Microsoft.SystemCenter.Advisor.Internal.mpb
* Microsoft.SystemCenter.2007.mp
* Microsoft.SystemCenter.Advisor.Resources.**LANGUAGECODE_3LTR**.mpb
* Microsoft.SystemCenter.Image.Library.mp
* Microsoft.SystemCenter.Apm.Infrastructure.Monitoring.mp
* Microsoft.SystemCenter.Apm.Infrastructure.mpb
* Microsoft.SystemCenter.Apm.Library.mpb
* Microsoft.SystemCenter.DataWarehouse.Report.Library.mp
* Microsoft.SystemCenter.DataWarehouse.Reports.mp
* Microsoft.SystemCenter.DataWarehouse.ServiceLevel.Report.Library.mp

For information about how to import a management pack from a disk, see the How to Import an Operations Manager Management Pack topic on the Microsoft TechNet website.

Note Management packs are included in the Server component updates in the following path:

%SystemDrive%\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Management Packs for Update Rollups

UNIX and Linux Management Pack updateTo install the updated monitoring packs and agents for UNIX and Linux operating systems, follow these steps:

  1. Apply Update Rollup 8 to your System Center 2012 SP1 Operations Manager environment.
  2. Download the updated management packs for System Center 2012 SP1 from the following Microsoft website:

System Center Management Pack for UNIX and Linux Operating Systems
3. Install the management pack update package to extract the management pack files.
4. Import the updated management pack for each version of Linux or UNIX that you are monitoring in your environment.
5. Upgrade each agent to the latest version by using either the Update-SCXAgent Windows PowerShell cmdlet or the UNIX/Linux Agent Upgrade Wizard in the Administration pane of the Operations Console.

__

Uninstall information

To uninstall an update, run the following command:

msiexec /uninstall PatchCodeGuid /package RTMProductCodeGuid
Note In this command, PatchCodeGuid is a placeholder that represents one of the following GUIDs.

PatchCodeGUID Component Architecture Language
{D358AC69-5C29-4E7F-A34A-EA93764FE720} Agent amd64 en
{457BF33B-4B55-4802-868C-29187C430C4E} ACS amd64 en
{D4F09437-8AF7-48CE-A521-AC3AA92320B7} Console amd64 en
{88789E84-ACAD-4C14-A93B-A4655511813B} WebConsole amd64 en
{5EAD5BB1-DF10-49CD-BA2F-F174AE027296} Gateway amd64 en
{9A44C69B-96CA-424B-A61A-0C6FC8BF440F} Server amd64 en
{8E8A0605-0E70-4C79-91E7-BE02C1E0F473} Agent x86 en
{A5FDC2AC-5415-4378-B438-245EB94244B2} Console x86 en
{512EC5E2-F69E-45E9-B2E3-FEB0157FA0E7} ACS amd64 cn
{78CF65E3-F6DF-4DFD-BFB4-B73DC7603CFB} Console amd64 cn
{5F5CB8DE-1E57-4204-8A01-88A549B8BBC2} WebConsole amd64 cn
{B989DFFF-D67A-44CD-B710-330A96F50F5E} Console x86 cn
{A0A304F3-1706-473E-90AB-9D795332ABE5} ACS amd64 cs
{A0086017-E62A-4DCB-950A-D304BE7CDD60} Console amd64 cs
{FF21B7EF-CC35-41BE-9145-F001A6EE6FB2} WebConsole amd64 cs
{2ACCF63B-B531-444D-9E88-A02FC2C67DD0} Console x86 cs
{282665F7-E0B6-4E7B-8CD9-830A0D31721C} ACS amd64 de
{84E4BE29-EC81-4DF3-AE4E-3D7EE7F8B10F} Console amd64 de
{53259074-5F39-4397-9368-94D2D6349A46} WebConsole amd64 de
{D6F2D8AB-51CD-42E5-8BA0-CC0ADC3CDB73} Console x86 de
{6B253A01-EDF6-4368-906A-4F50DD047FBE} ACS amd64 es
{B1BAC548-1B44-43E1-A592-EACB0EBBEB65} Console amd64 es
{10A6165E-8C65-462F-9A80-BA85002DB199} WebConsole amd64 es
{DDD0F31A-6BDF-41F3-8625-8A4B31B1DACA} Console x86 es
{1CD8784F-8FB7-46AA-8F3A-9F99E4ADDAEE} ACS amd64 fr
{FD2FD6DF-6E07-4F4A-B3E3-F88EAE8199CC} Console amd64 fr
{33235B8F-DEC0-49F6-A1CB-8533894E4CB6} WebConsole amd64 fr
{1A7872C6-E486-4FCD-9160-C47CFA88ADEB} Console x86 fr
{0001BC77-E094-4B9A-A05C-D3FF2815D55C} ACS amd64 hu
{C4239946-1785-41C1-9ECB-8778800EA685} Console amd64 hu
{08C5EB86-F56F-4439-9CF7-58FB38378CA6} WebConsole amd64 hu
{E77E4C64-B0E6-47E7-A10A-1858F922BB43} Console x86 hu
{949DC130-4E33-4CEA-8624-0A70D44C9FB6} ACS amd64 it
{164EEB3B-5796-486D-B0C1-B07F42545A86} Console amd64 it
{9EBFC981-0831-4990-9206-E34DA41CC91F} WebConsole amd64 it
{5E4589EB-40D6-411E-8660-D76336CA9C9D} Console x86 it
{01424C3B-D984-4E4F-967D-F28122ACD068} ACS amd64 ja
{47C36A5B-97A3-41DB-BE99-5C9B90EE21A3} Console amd64 ja
{25225641-E2C7-4367-B21D-51F5ED23910F} WebConsole amd64 ja
{A232FE28-A4E3-4B18-94E9-B621D1916F1D} Console x86 ja
{9FE00AA5-DE5A-47A4-BC0E-A4B21AA5681D} ACS amd64 ko
{626127B4-FBFD-4ECB-8431-BB5892666B33} Console amd64 ko
{62F276A2-06C0-459B-9231-E650F8C4C6EE} WebConsole amd64 ko
{CD8A05A6-BFF5-4D94-907B-47B02C3FC083} Console x86 ko
{038660BA-FC7F-4457-9AA5-78A2CF838D6D} ACS amd64 nl
{E1318444-B131-49BF-88F2-DE32FEC08828} Console amd64 nl
{A36CAA22-8F2C-4067-B212-5D3AF2ED88C0} WebConsole amd64 nl
{EC7F4CF6-BB03-4EA9-95CA-98226B1607B0} Console x86 nl
{58A6FF2A-1C01-404D-ABF5-F07895DA2BA0} ACS amd64 pl
{6282D513-4C9C-4C37-8C6C-52E0D6D7AFE0} Console amd64 pl
{CDA26C7B-6206-4F82-9E03-771944DCC547} WebConsole amd64 pl
{73FA9C3E-DA6C-4163-81E3-B156A2448507} Console x86 pl
{747FC835-EE08-4FDE-AE2E-DFDFD8737D0D} ACS amd64 pt-br
{86FDB515-0924-4DD1-A85D-8E66A1228791} Console amd64 pt-br
{9CA90E93-76E2-4495-885D-1C5CB6225B92} WebConsole amd64 pt-br
{B2775F58-C838-4C2D-AB90-A5C591C56142} Console x86 pt-br
{4285C331-5C90-419D-95EB-5661E4585322} ACS amd64 pt-pt
{CA799F06-E5B4-4974-B4CA-E8A3AEA4120C} Console amd64 pt-pt
{6CF6E35F-7988-4FCE-9DC6-0790DB6F8926} WebConsole amd64 pt-pt
{92E256F4-4E72-40F8-B43D-CABB17FFA7AC} Console x86 pt-pt
{DC715B29-0BFA-4EFB-92B3-E608C91636B4} ACS amd64 ru
{B9064B22-EC62-4C85-859B-63D3019763DC} Console amd64 ru
{62EACC72-E048-4DA1-BD0A-781EB4D3061A} WebConsole amd64 ru
{F5CD746F-05CA-4A55-A020-A9F4159F6524} Console x86 ru
{FD624243-62B5-4549-8AE3-B205CDA9D327} ACS amd64 sv
{BA1BE481-F2DC-45B5-A5F0-C2EE215ADC15} Console amd64 sv
{626DDA5D-2DBB-4E19-AAEE-EFF10C142E3A} WebConsole amd64 sv
{810D40FE-069C-4EFB-9A49-85F1D4618F79} Console x86 sv
{9E1D528A-58B7-46E6-A61B-8018CA336FF4} ACS amd64 tr
{B75A9FA4-94B1-48B8-9448-540A47D3D8B7} Console amd64 tr
{12A3AC36-FE0E-4228-8673-67B2D7EE711A} WebConsole amd64 tr
{A0B5AAC2-4C86-447C-9886-64D21EEBD70C} Console x86 tr
{29C3D19A-37A9-43F5-9FB7-B690C5DFA09A} ACS amd64 tw
{2729D54F-239D-4A7E-B872-4AD6EA003A46} Console amd64 tw
{C434EC18-F74C-4A64-9EF0-AD736BE18316} WebConsole amd64 tw
{A0EFEACA-28C2-4196-8B32-AC09E2FE28A1} Console x86 tw
{6E404EC3-A487-4B09-B1A8-07E17D4FADC3} ACS amd64 zh-hk
{70F39FE3-9E7F-4673-8246-8C279E2B9FDD} Console amd64 zh-hk
{6DD96802-733F-4FDD-A3CB-5C25AF4DC8EA} WebConsole amd64 zh-hk
{F6981DF2-A8EB-4F88-93C6-663B009C1CF0} Console x86 zh-hk

Additionally, RTMProductCodeGuid is a placeholder that represents one of the following GUIDs:

Component RTMProductCodeGuid
Server {8070C91C-7D7C-4DAD-88B1-0966EEA9A8FE}
Console (AMD64) {5142AB0B-73E3-4AD3-9D0F-65B3D9026769}
Console (x86) {358C8AF0-25BB-425A-A4E6-7ADE54ED4736}
WebConsole (AMD64) {5ED945BA-2BDD-4567-804E-8D3D2DB5CC9B}
ACS {3E7464F7-A468-44E1-9A95-58349E022EAE}
Agent (AMD64) {8B21425D-02F3-4B80-88CE-8F79B320D330}
Agent (x86) {387306D9-78CE-4E0E-B952-28A50CC8B3EE}
Agent (IA-64) {F3DDB021-89BC-464F-9107-69E2547D08FD}
Gateway {80C2A57A-4193-4800-AA27-CD79553FE9DF}
SCX-ACS (AMD64) {B30F4F71-2AF3-4542-855B-E1C7A31AC9A5}
SCX-ACS (x86) {B30F4F71-2AF3-4542-855B-E1C7A31AC9A5}

__

Files updated in this update rollup

The following is a list of files that have changed in this update rollup. If you do not have all previous update rollups installed, files other than those listed here may also be updated. For a complete list of files that are updated, refer to the “Files Updated in this Update Rollup” section of all update rollups that were released after your current update rollup.

Files that are updated Version Size
HealthServiceRuntime.dll 7.0.9538.1136 311 KB
Microsoft.EnterpriseManagement.UI.Administration.dll 7.0.9538.1136 4.25 MB
Microsoft.EnterpriseManagement.UI.Administration.resources.dll 7.0.9538.1136 2.41 MB
Microsoft.EnterpriseManagement.Presentation.WebConsole.dll 7.0.9538.1136 106 KB
Microsoft.Mom.Common.dll 7.0.9538.1136 255 KB
Microsoft.EnterpriseManagement.Monitoring.Console.exe 7.0.9538.1136 4.45 MB
update_rollup_mom_db.sql 7.0.9538.1136 62 KB

6.5 Medium

AI Score

Confidence

High

JSON