MS15-086: Security update for Update Rollup 10 for System Center 2012 Operations Manager Service Pack 1: August 11, 2015

Introduction
This article describes the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 Operations Manager Service Pack 1 (SP1). Additionally, this article contains the installation instructions for Update Rollup 10 for System Center 2012 Operations Manager SP1.

Issues that are fixed in this update rollup

Operations Manager

  • The home page link on the Web Console noscript.aspx file is vulnerable to cross-site scripting (XSS)

    A security vulnerability exists in the Web Console for System Center 2012 Operations Manager SP1 that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. This fix resolves that vulnerability. For more information, see Microsoft Security Bulletin MS15-086.

  • CLR load order change

    The current behavior for agents is to choose a CLR version based on the operating system version. For Windows Server 2012 and newer, the .NET Framework 4.0 is loaded. For operating systems older than Windows Server 2012, the .NET Framework 2.0 family is loaded. On management servers, the .NET Framework 2.0 family is loaded. This basically maps the .NET Framework version used to the version available out-of-box on the server. The problem with the current behavior is that even if the Management Pack author knows that .NET Framework 4.0 is present on the system it cannot be used.

    In the new behavior, the agent loads the .NET Framework 4.0 if it is available else it falls back to the .NET Framework 2.0.

  • p_GroomTypeSpecificLogTables does not groom all MT_*Log tables

    In a database, the grooming of certain MT$X$Y tables was missed because of the filtering logic. Therefore, the tables were never groomed. There were scenarios in which large amounts of unwanted data were stored in these tables. This issue is now fixed, and data from these tables will be groomed. This in turn will provide for performance gains because there will be less data to query from.

  • Branding update

    Updates the "Operational Insights" name to "Operations Management Suite" in the System Center Operations Management console.

How to obtain and install Update Rollup 10 for System Center 2012 Operations Manager SP1

Download information

Update packages for Operations Manager are available from Microsoft Update or by manual download.

Microsoft Update
To obtain and install an update package from Microsoft Update, follow these steps on a computer that has an Operations Manager component installed:
  1. Click Start, and then click Control Panel.
  2. In Control Panel, double-click Windows Update.
  3. In the Windows Update window, click Check Online for updates from Microsoft Update.
  4. Click Important updates are available.
  5. Select the Update Rollup package, and then click OK.
  6. Click Install updates to install the update package.
Manual download of the update packages
Go to the following website to manually download the update packages from the Microsoft Update Catalog:


Installation instructions

Installation notes
  • This update rollup package is available from Microsoft Update in the following languages:
    • Chinese Simplified (CHS)
    • Japanese (JPN)
    • French (FRA)
    • German (DEU)
    • Russian (RUS)
    • Italian (ITA)
    • Spanish (ESN)
    • Portuguese (Brazil) (PTB)
    • Chinese Traditional (CHT)
    • Korean (KOR)
    • Czech (CSY)
    • Dutch (NLD)
    • Polish (POL)
    • Portuguese (Portugal) (PTG)
    • Swedish (SWE)
    • Turkish (TUR)
    • Hungarian (HUN)
    • English (ENU)
    • Chinese Hong Kong (HK)


  • Some components are Multilanguage, and the updates for these components are not localized.
  • You must run this update rollup as an administrator.
  • If you do not want to restart the computer after you apply the console update, close the console before you apply the update for the console role.
  • To start a new instance of Microsoft Silverlight, clear the browser cache in Silverlight, and then restart Silverlight.
  • Do not install this update rollup package immediately after you install the System Center 2012 SP1 server. Otherwise, the Health Service state may not be initialized.
  • If User Account Control is enabled, run the .msp update files from an elevated command prompt.
  • You must have System Administrator rights on the database instances for the Operational Database and Data warehouse to apply updates to these databases.

    After you install the web console fixes, add the following line to the %windir%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config file:

    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>


    Note Add the line under the <system.web> section, as described in the following article in the Microsoft Knowledge Base:

    911722 You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0

  • The fix for the data warehouse BULK insert commands time-out issue that is described in Update Rollup 5 for System Center 2012 Operations Manager Service Pack 1 adds a registry key. This key can be used to set the time-out value (in seconds) for the data warehouse BULK insert commands. These are the commands that insert new data into the data warehouse.

    Note This key must be manually added on any management server on which you want to override the default BULK insert command time-out.

    Registry location:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Operations Manager\3.0\Data Warehouse


    DWORD name: Bulk Insert Command Timeout Seconds
    DWORD Value:nn

    Note The placeholder nn represents a value in seconds. For example, set the value data to 40 for a 40-second time-out.

Supported installation order
We recommend that you install this update rollup package by following these steps in the given order:
  1. Install the update rollup package on the following server infrastructure:
    • Management server or servers
    • Gateway servers
    • Web console server role computers
    • Operations console role computers


  2. Apply SQL scripts (see installation information).
  3. Manually import the management packs.
  4. Apply the agent update to manually installed agents, or push the installation from the Pending view in the Operations console.


Operations Manager update
To download the update rollup package and extract the files that are contained in the update rollup package, follow these steps:
  1. Download the update packages that Microsoft Update provides for each computer. Microsoft Update provides the appropriate updates according to the components that are installed on each computer.
  2. Apply the appropriate MSP files on each computer.

    Note MSP files are included in the update rollup package. Apply all MSP files that relate to a specific computer. For example, if the web console and console roles are installed on a management server, apply the MSP files on the management server. Apply one MSP file on a server for each specific role that the server holds.

  3. Execute the following Datawarehouse SQL script on Datawarehouse Server against OperationsManagerDW database:

    UR_Datawarehouse.sql


    Note This script is located in the following path:

    %SystemDrive%\Program Files\System Center 2012 SP1\Operations Manager\Server\SQL Script for Update Rollups

  4. Execute the following Database SQL script on the Database server against the OperationsManagerDB database:

    Update_rollup_mom_db.sql

  5. Import the following management packs:
    • Microsoft.SystemCenter.TFSWISynchronization.mpb. This has the following dependency:
      • Microsoft.SystemCenter.AlertAttachment.mpb. This should be installed from the System Center Operations Manager 2012 R2 media.
      • Microsoft.SystemCenter.Visualization.Library.mpb


    • Microsoft.SystemCenter.IntelliTraceProfiling.mpb, which has the following dependencies:
      • Microsoft.SystemCenter.IntelliTraceCollectorInstallation.mpb

        Note Install this file from the System Center Operations Manager (SCOM) 2012 SP1 Media.

      • Microsoft.Windows.InternetInformatonServices.Common.mpb

        Note Install this file from the online catalog.


    • Microsoft.SystemCenter.Visualization.Component.Library.mpb
    • Microsoft.SystemCenter.Visualization.Library.mpb
    • Microsoft.SystemCenter.Advisor.mpb
    • Microsoft.SystemCenter.Advisor.Internal.mpb
    • Microsoft.SystemCenter.2007.mp
    • Microsoft.SystemCenter.Advisor.Resources.LANGUAGECODE_3LTR.mpb
    • Microsoft.SystemCenter.Image.Library.mp
    • Microsoft.SystemCenter.Apm.Infrastructure.Monitoring.mp
    • Microsoft.SystemCenter.Apm.Infrastructure.mpb
    • Microsoft.SystemCenter.Apm.Library.mpb
    • Microsoft.SystemCenter.DataWarehouse.Report.Library.mp
    • Microsoft.SystemCenter.DataWarehouse.Reports.mp
    • Microsoft.SystemCenter.DataWarehouse.ServiceLevel.Report.Library.mp

For information about how to import a management pack from a disk, see the How to Import an Operations Manager Management Pack topic on the Microsoft TechNet website.

Note Management packs are included in the Server component updates in the following path:

%SystemDrive%\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Management Packs for Update Rollups


UNIX and Linux Management Pack update
To install the updated monitoring packs and agents for UNIX and Linux operating systems, follow these steps:
  1. Apply Update Rollup 8 to your System Center 2012 SP1 Operations Manager environment.
  2. Download the updated management packs for System Center 2012 SP1 from the following Microsoft website:

  3. Install the management pack update package to extract the management pack files.
  4. Import the updated management pack for each version of Linux or UNIX that you are monitoring in your environment.
  5. Upgrade each agent to the latest version by using either the Update-SCXAgent Windows PowerShell cmdlet or the UNIX/Linux Agent Upgrade Wizard in the Administration pane of the Operations Console.

Uninstall information

To uninstall an update, run the following command:

msiexec /uninstall PatchCodeGuid /package RTMProductCodeGuid

Note In this command, PatchCodeGuid is a placeholder that represents one of the following GUIDs.

PatchCodeGUIDComponentArchitectureLanguage
{D358AC69-5C29-4E7F-A34A-EA93764FE720}Agentamd64en
{457BF33B-4B55-4802-868C-29187C430C4E}ACSamd64en
{D4F09437-8AF7-48CE-A521-AC3AA92320B7}Consoleamd64en
{88789E84-ACAD-4C14-A93B-A4655511813B}WebConsoleamd64en
{5EAD5BB1-DF10-49CD-BA2F-F174AE027296}Gatewayamd64en
{9A44C69B-96CA-424B-A61A-0C6FC8BF440F}Serveramd64en
{8E8A0605-0E70-4C79-91E7-BE02C1E0F473}Agentx86en
{A5FDC2AC-5415-4378-B438-245EB94244B2}Consolex86en
{512EC5E2-F69E-45E9-B2E3-FEB0157FA0E7}ACSamd64cn
{78CF65E3-F6DF-4DFD-BFB4-B73DC7603CFB}Consoleamd64cn
{5F5CB8DE-1E57-4204-8A01-88A549B8BBC2}WebConsoleamd64cn
{B989DFFF-D67A-44CD-B710-330A96F50F5E}Consolex86cn
{A0A304F3-1706-473E-90AB-9D795332ABE5}ACSamd64cs
{A0086017-E62A-4DCB-950A-D304BE7CDD60}Consoleamd64cs
{FF21B7EF-CC35-41BE-9145-F001A6EE6FB2}WebConsoleamd64cs
{2ACCF63B-B531-444D-9E88-A02FC2C67DD0}Consolex86cs
{282665F7-E0B6-4E7B-8CD9-830A0D31721C}ACSamd64de
{84E4BE29-EC81-4DF3-AE4E-3D7EE7F8B10F}Consoleamd64de
{53259074-5F39-4397-9368-94D2D6349A46}WebConsoleamd64de
{D6F2D8AB-51CD-42E5-8BA0-CC0ADC3CDB73}Consolex86de
{6B253A01-EDF6-4368-906A-4F50DD047FBE}ACSamd64es
{B1BAC548-1B44-43E1-A592-EACB0EBBEB65}Consoleamd64es
{10A6165E-8C65-462F-9A80-BA85002DB199}WebConsoleamd64es
{DDD0F31A-6BDF-41F3-8625-8A4B31B1DACA}Consolex86es
{1CD8784F-8FB7-46AA-8F3A-9F99E4ADDAEE}ACSamd64fr
{FD2FD6DF-6E07-4F4A-B3E3-F88EAE8199CC}Consoleamd64fr
{33235B8F-DEC0-49F6-A1CB-8533894E4CB6}WebConsoleamd64fr
{1A7872C6-E486-4FCD-9160-C47CFA88ADEB}Consolex86fr
{0001BC77-E094-4B9A-A05C-D3FF2815D55C}ACSamd64hu
{C4239946-1785-41C1-9ECB-8778800EA685}Consoleamd64hu
{08C5EB86-F56F-4439-9CF7-58FB38378CA6}WebConsoleamd64hu
{E77E4C64-B0E6-47E7-A10A-1858F922BB43}Consolex86hu
{949DC130-4E33-4CEA-8624-0A70D44C9FB6}ACSamd64it
{164EEB3B-5796-486D-B0C1-B07F42545A86}Consoleamd64it
{9EBFC981-0831-4990-9206-E34DA41CC91F}WebConsoleamd64it
{5E4589EB-40D6-411E-8660-D76336CA9C9D}Consolex86it
{01424C3B-D984-4E4F-967D-F28122ACD068}ACSamd64ja
{47C36A5B-97A3-41DB-BE99-5C9B90EE21A3}Consoleamd64ja
{25225641-E2C7-4367-B21D-51F5ED23910F}WebConsoleamd64ja
{A232FE28-A4E3-4B18-94E9-B621D1916F1D}Consolex86ja
{9FE00AA5-DE5A-47A4-BC0E-A4B21AA5681D}ACSamd64ko
{626127B4-FBFD-4ECB-8431-BB5892666B33}Consoleamd64ko
{62F276A2-06C0-459B-9231-E650F8C4C6EE}WebConsoleamd64ko
{CD8A05A6-BFF5-4D94-907B-47B02C3FC083}Consolex86ko
{038660BA-FC7F-4457-9AA5-78A2CF838D6D}ACSamd64nl
{E1318444-B131-49BF-88F2-DE32FEC08828}Consoleamd64nl
{A36CAA22-8F2C-4067-B212-5D3AF2ED88C0}WebConsoleamd64nl
{EC7F4CF6-BB03-4EA9-95CA-98226B1607B0}Consolex86nl
{58A6FF2A-1C01-404D-ABF5-F07895DA2BA0}ACSamd64pl
{6282D513-4C9C-4C37-8C6C-52E0D6D7AFE0}Consoleamd64pl
{CDA26C7B-6206-4F82-9E03-771944DCC547}WebConsoleamd64pl
{73FA9C3E-DA6C-4163-81E3-B156A2448507}Consolex86pl
{747FC835-EE08-4FDE-AE2E-DFDFD8737D0D}ACSamd64pt-br
{86FDB515-0924-4DD1-A85D-8E66A1228791}Consoleamd64pt-br
{9CA90E93-76E2-4495-885D-1C5CB6225B92}WebConsoleamd64pt-br
{B2775F58-C838-4C2D-AB90-A5C591C56142}Consolex86pt-br
{4285C331-5C90-419D-95EB-5661E4585322}ACSamd64pt-pt
{CA799F06-E5B4-4974-B4CA-E8A3AEA4120C}Consoleamd64pt-pt
{6CF6E35F-7988-4FCE-9DC6-0790DB6F8926}WebConsoleamd64pt-pt
{92E256F4-4E72-40F8-B43D-CABB17FFA7AC}Consolex86pt-pt
{DC715B29-0BFA-4EFB-92B3-E608C91636B4}ACSamd64ru
{B9064B22-EC62-4C85-859B-63D3019763DC}Consoleamd64ru
{62EACC72-E048-4DA1-BD0A-781EB4D3061A}WebConsoleamd64ru
{F5CD746F-05CA-4A55-A020-A9F4159F6524}Consolex86ru
{FD624243-62B5-4549-8AE3-B205CDA9D327}ACSamd64sv
{BA1BE481-F2DC-45B5-A5F0-C2EE215ADC15}Consoleamd64sv
{626DDA5D-2DBB-4E19-AAEE-EFF10C142E3A}WebConsoleamd64sv
{810D40FE-069C-4EFB-9A49-85F1D4618F79}Consolex86sv
{9E1D528A-58B7-46E6-A61B-8018CA336FF4}ACSamd64tr
{B75A9FA4-94B1-48B8-9448-540A47D3D8B7}Consoleamd64tr
{12A3AC36-FE0E-4228-8673-67B2D7EE711A}WebConsoleamd64tr
{A0B5AAC2-4C86-447C-9886-64D21EEBD70C}Consolex86tr
{29C3D19A-37A9-43F5-9FB7-B690C5DFA09A}ACSamd64tw
{2729D54F-239D-4A7E-B872-4AD6EA003A46}Consoleamd64tw
{C434EC18-F74C-4A64-9EF0-AD736BE18316}WebConsoleamd64tw
{A0EFEACA-28C2-4196-8B32-AC09E2FE28A1}Consolex86tw
{6E404EC3-A487-4B09-B1A8-07E17D4FADC3}ACSamd64zh-hk
{70F39FE3-9E7F-4673-8246-8C279E2B9FDD}Consoleamd64zh-hk
{6DD96802-733F-4FDD-A3CB-5C25AF4DC8EA}WebConsoleamd64zh-hk
{F6981DF2-A8EB-4F88-93C6-663B009C1CF0}Consolex86zh-hk


Additionally, RTMProductCodeGuid is a placeholder that represents one of the following GUIDs:

ComponentRTMProductCodeGuid
Server{8070C91C-7D7C-4DAD-88B1-0966EEA9A8FE}
Console (AMD64){5142AB0B-73E3-4AD3-9D0F-65B3D9026769}
Console (x86){358C8AF0-25BB-425A-A4E6-7ADE54ED4736}
WebConsole (AMD64){5ED945BA-2BDD-4567-804E-8D3D2DB5CC9B}
ACS{3E7464F7-A468-44E1-9A95-58349E022EAE}
Agent (AMD64){8B21425D-02F3-4B80-88CE-8F79B320D330}
Agent (x86){387306D9-78CE-4E0E-B952-28A50CC8B3EE}
Agent (IA-64){F3DDB021-89BC-464F-9107-69E2547D08FD}
Gateway{80C2A57A-4193-4800-AA27-CD79553FE9DF}
SCX-ACS (AMD64){B30F4F71-2AF3-4542-855B-E1C7A31AC9A5}
SCX-ACS (x86){B30F4F71-2AF3-4542-855B-E1C7A31AC9A5}

Files updated in this update rollup

The following is a list of files that have changed in this update rollup. If you do not have all previous update rollups installed, files other than those listed here may also be updated. For a complete list of files that are updated, refer to the "Files Updated in this Update Rollup" section of all update rollups that were released after your current update rollup.

Files that are updatedVersionSize
HealthServiceRuntime.dll7.0.9538.1136311 KB
Microsoft.EnterpriseManagement.UI.Administration.dll7.0.9538.11364.25 MB
Microsoft.EnterpriseManagement.UI.Administration.resources.dll7.0.9538.11362.41 MB
Microsoft.EnterpriseManagement.Presentation.WebConsole.dll 7.0.9538.1136106 KB
Microsoft.Mom.Common.dll 7.0.9538.1136255 KB
Microsoft.EnterpriseManagement.Monitoring.Console.exe7.0.9538.11364.45 MB
update_rollup_mom_db.sql7.0.9538.113662 KB
Properties

Article ID: 3071088 - Last Review: 08/12/2015 11:48:00 - Revision: 2.0

Microsoft System Center 2012 Operations Manager Service Pack 1

  • kbqfe kbsurveynew kbfix kbexpertiseinter atdownload kbsecvulnerability kbsecurity kbsecbulletin kbbug KB3071088
Feedback