MS15-086: Vulnerability in System Center Operations Manager could allow elevation of privilege: August 11, 2015

Summary

This security update resolves a vulnerability in Microsoft System Center 2012 Operations Manager and Microsoft System Center 2012 R2 Operations Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or an Instant Messenger message that takes users to the affected website. To learn more about the vulnerability, see Microsoft Security Bulletin MS15-086.

Additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

  • 3064919 MS15-086: Security Update for Update Rollup 7 for System Center 2012 R2 Operations Manager: August 11, 2015

  • 3071088 MS15-086: Security update for Update Rollup 10 for System Center 2012 Operations Manager Service Pack 1: August 11, 2015

  • 3071089 MS15-086: Security Update for Update Rollup 8 for System Center 2012 Operations Manager: August 11, 2015

Microsoft System Center 2012 Operations Manager (all editions)Reference Table

The following table contains the security update information for this software.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.

Security update file names

For Microsoft System Center 2012 Operations Manager (installs Update Rollup 8):
KB3071089-AMD64-WebConsole.msp


For Microsoft System Center 2012 Operations Manager Service Pack 1 (installs Update Rollup 10):
KB3071088-AMD64-ENU-WebConsole.msp

Installation switches

See Microsoft Knowledge Base article 934307

Update log file

MSI logs are created if the customer enables verbose logging.

Restart requirement

This update does not require a restart.

Removal information

See the Uninstall information section of Microsoft Knowledge Base articles 3071089 and 3071088.

File information

See Microsoft Knowledge Base articles 3071089 and 3071088.

Registry key verification

Not applicable

Microsoft System Center 2012 Operations Manager R2 (all editions)Reference Table

The following table contains the security update information for this software.

Inclusion in future service packs

The update for this issue will be included in a future service pack or update rollup.

Security update file names

For Microsoft System Center 2012 Operations Manager R2 (installs Update Rollup 7):
KB3064919-AMD64-ENU-WebConsole.msp

Installation switches

See Microsoft Knowledge Base article 934307

Update log file

MSI logs are created if the customer enables verbose logging.

Restart requirement

This update does not require a restart.

Removal information

See the Uninstall information section of Microsoft Knowledge Base article 3064919

File information

See Microsoft Knowledge Base article 3064919

Registry key verification

Not applicable


Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×