MS15-086: Vulnerability in System Center Operations Manager could allow elevation of privilege: August 11, 2015

Summary
This security update resolves a vulnerability in Microsoft System Center 2012 Operations Manager and Microsoft System Center 2012 R2 Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or an Instant Messenger message that takes users to the affected website. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-086.
Additional information about this security update
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.
  • 3064919 MS15-086: Security Update for Update Rollup 7 for System Center 2012 R2 Operations Manager: August 11, 2015
  • 3071088 MS15-086: Security update for Update Rollup 10 for System Center 2012 Operations Manager Service Pack 1: August 11, 2015
  • 3071089 MS15-086: Security Update for Update Rollup 8 for System Center 2012 Operations Manager: August 11, 2015

Security update deployment information

Microsoft System Center 2012 Operations Manager (all editions)

Reference Table

The following table contains the security update information for this software.
Inclusion in future service packsThe update for this issue will be included in a future service pack or update rollup.
Security update file namesFor Microsoft System Center 2012 Operations Manager (installs Update Rollup 8):
KB3071089-AMD64-WebConsole.msp

For Microsoft System Center 2012 Operations Manager Service Pack 1 (installs Update Rollup 10):
KB3071088-AMD64-ENU-WebConsole.msp
Installation switchesSee Microsoft Knowledge Base article 934307
Update log fileMSI logs are created if the customer enables verbose logging.
Restart requirementThis update does not require a restart.
Removal informationSee the Uninstall information section of Microsoft Knowledge Base articles 3071089 and 3071088.
File informationSee Microsoft Knowledge Base articles 3071089 and 3071088.
Registry key verificationNot applicable

Microsoft System Center 2012 Operations Manager R2 (all editions)

Reference Table

The following table contains the security update information for this software.
Inclusion in future service packsThe update for this issue will be included in a future service pack or update rollup.
Security update file namesFor Microsoft System Center 2012 Operations Manager R2 (installs Update Rollup 7):
KB3064919-AMD64-ENU-WebConsole.msp
Installation switchesSee Microsoft Knowledge Base article 934307
Update log fileMSI logs are created if the customer enables verbose logging.
Restart requirementThis update does not require a restart.
Removal informationSee the Uninstall information section of Microsoft Knowledge Base article 3064919
File informationSee Microsoft Knowledge Base article 3064919
Registry key verificationNot applicable

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support
Properties

Article ID: 3075158 - Last Review: 08/11/2015 17:27:00 - Revision: 1.0

Microsoft System Center 2012 R2 Operations Manager, Microsoft System Center 2012 Operations Manager

  • kbsecvulnerability kbsecurity kbsecbulletin kbfix kbexpertiseinter kbbug atdownload KB3075158
Feedback