MS15-086: Security update for Update Rollup 8 for System Center 2012 Operations Manager: August 11, 2015

Introduction
This article describes the issues that are fixed in Update Rollup 8 for Microsoft System Center 2012 Operations Manager. Additionally, this article contains the installation instructions for Update Rollup 8 for System Center 2012 Operations Manager.

Issues that are fixed in this update rollup

Operations Manager

  • The home page link on the Web Console noscript.aspx file is vulnerable to cross-site scripting (XSS)

    A security vulnerability exists in the Web Console for System Center 2012 Operations Manager that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. This fix resolves that vulnerability. For more information, see Microsoft Security Bulletin MS15-086.

How to obtain and install Update Rollup 8 for System Center 2012 Operations Manager

Download information

Update packages for Operations Manager are available from Microsoft Update or by manual download.

Microsoft Update
To obtain and install an update package from Microsoft Update, follow these steps on a computer that has an Operational Manager component installed:
  1. Click Start, and then click Control Panel.
  2. In Control Panel, double-click Windows Update.
  3. In the Windows Update window, click Check Online for updates from Microsoft Update.
  4. Click Important updates are available.
  5. Select the Update Rollup package, and then click OK.
  6. Click Install updates to install the update package.
Manual download of the update packages
Go to the following website to manually download the update packages from the Microsoft Update Catalog:


Installation instructions

Installation notes
  • This update rollup package is available from Microsoft Update in the following languages:
    • Japanese (JPN)
    • French (FRA)
    • German (DEU)
    • Russian (RUS)
    • Italian (ITA)
    • Spanish (ESN)
    • Portuguese (Brazil) (PTB)
    • Chinese Traditional (CHT)
    • English (ENU)


  • Some components are Multilanguage, and the updates for these components are not localized.
  • You must run this update rollup as an administrator.
  • If you do not want to restart the computer after you apply the console update, close the console before you apply the update for the console role.
  • To start a new instance of Microsoft Silverlight, clear the browser cache in Silverlight, and then restart Silverlight.
  • Do not install this update rollup package immediately after you install the System Center 2012 R2 server. Otherwise, the Health Service state may not be initialized.
  • If User Account Control is enabled, run the .msp update files from an elevated command prompt.
  • You must have System Administrator rights on the database instances for the Operational Database and Data warehouse to apply updates to these databases.
  • To enable the web console fixes, add the following line to the %windir%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config file:

    <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>


    Note Add the line under the <system.web> section, as described in the following article in the Microsoft Knowledge Base:

    911722 You may receive an error message when you access ASP.NET Web pages that have ViewState enabled after you upgrade from ASP.NET 1.1 to ASP.NET 2.0

Operations Manager update
  1. Download the update packages that Microsoft Update provides for each computer. Microsoft Update provides the appropriate updates according to the components that are installed on each computer. Or, download from the Microsoft Download Catalog, and download the update packages for Gateway, Agent, Console, Reporting and Server from Microsoft Download Catalog for Update Rollup 3.

  2. Apply the appropriate MSP files on each computer.

    Note MSP files are included in the update rollup package. Apply all MSP files that relate to a specific computer. For example, if the web console and console roles are installed on a management server, apply the MSP files on the management server. Apply one MSP file on a server for each specific role that the server holds.

Uninstall information

To uninstall an update, run the following command:

msiexec /uninstall PatchCodeGuid /package RTMProductCodeGuid

Note In this command, RTMProductCodeGuid is a placeholder for one of the following GUIDs:

ComponentGUID
Server7348450D-5558-4CA6-8E71-044720D304F2
Console (amd64)95241780-B772-4A42-A1F0-8FA951FAF619
Console (x86)4FC5546F-AD4A-4C76-9B48-DF11F946EDD0
ReportingA1A61449-81E0-4C25-82DD-92B0A3CB4E77
WebConsole (amd64)20F530CC-FD73-43FE-ABD3-138D140A77A9
Agent (amd64)5155DCF6-A1B5-4882-A670-60BF9FCFD688
Agent (x86)D14AAC0-B9A1-4CEF-B507-23755C1EBE3A
Agent (IA-64)16499EB-B3D8-4473-9EF4-AB72FDDECD4B
Gateway7032CF7-3861-4150-8EDD-4DE2540C6E7B

PatchCodeGuid is a placeholder for one of the following GUIDs:

PatchCodeComponentCPULocal
{84648755-1277-4644-B53A-545FFB9307D4}WebConsoleamd64en
{30D0C384-CE00-4D49-B4EE-EBF876046FAF}WebConsoleamd64cn
{9A9C3019-7E04-42AC-96F6-736472234865}WebConsoleamd64de
{47475C23-5D5F-48A0-AA49-180020C870CA}WebConsoleamd64es
{D68E61CE-409C-4ED5-A4CF-F72984F60ED0}WebConsoleamd64fr
{B04022C0-548C-4A65-B0B1-672BC5A330AF}WebConsoleamd64it
{F9D4D2D5-D5BC-43CD-998F-C6294F3F6B06}WebConsoleamd64ja
{BE7233C5-8AB8-4155-AC0D-8F1C4D2A663A}WebConsoleamd64pt
{05E26490-E3EC-4D50-899F-6EE03AC3EED6}WebConsoleamd64ru

Files updated in this update rollup

The following is a list of files that changed in this update rollup. If you do not have all previous update rollups installed, files other than those that are listed here may also be updated. For a complete list of files that are updated, refer to the "Files Updated in this Update Rollup" section of all update rollups that were released after your current update rollup.

Files that are updatedVersionSize
Microsoft.EnterpriseManagement.Presentation.WebConsole.dll7.0.8560.1048106 KB
Microsoft.Mom.Common.dll7.0.8560.1048251 KB
Properties

Article ID: 3071089 - Last Review: 08/11/2015 17:28:00 - Revision: 1.0

Microsoft System Center 2012 Operations Manager

  • kbqfe kbsurveynew kbfix kbexpertiseinter atdownload kbsecvulnerability kbsecurity kbsecbulletin kbbug KB3071089
Feedback