In regards to MS13-003 MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent
This patch is about a gig in size. It shows that any Server that has the SCOM agent is in need of this patch. I spoke to Microsoft and they confirmed this was for only the SCOM manager and NOT a client agent patch. Why would BigFix show all my clients need this patch? Have you gotten any word from others why this patch is over a GIG?
We are reviewing this patch and come out some relevance query as below:
For fixlet: 1300302 MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent
Relevance #1:
exists key whose (value “DisplayName” of it as string = “System Center Operations Manager 2007 R2 Agent” AND value “Language” of it as integer = 1033 ) of keys of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products” of native registry
Relevance #2:
(exists file “AdtAgent.exe” whose (version of it < ") of (if (x64 of operating system) then (system x64 folder) else (system folder))) or (((exists file “EventCommon.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthService.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthServiceMessages.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthServicePerformance.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthServiceRuntime.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HSLockdown.exe” whose (version of it < “6.1.7221.110”) of it)) of folder ((value “InstallDirectory” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup” of native registry) as string))
It would be great if you can try replace the relevance with the above ones. Let me know the results and we will modify the content accordingly. Thanks!
In Microsoft KB Page, there is one section as below:
Advanced installation instruction to manually update agents
With Cumulative Update 7 for System Center Operations Manager 2007 R2, you can manually update agents without copying the full contents of the package. To deploy updates to an agent, follow these steps:
Install the hotfix utility by using the instructions in the “Advanced installation instructions at a command prompt” section. By default, the files that you must have to update the agent are at the following location:
C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2783850
Copy the appropriate .msp files to a folder of your choice (for example, C:\temp\CU7_Agent) on each computer on which you want to manually update the agent.
Run the following two commands at a command prompt from the folder that contains the update files. This folder is C:\temp\CU7_Agent if you follow the suggestion here. For example (x64 architecture and English language):
We are working on two Manual caching fixlets. In this case, customer will need to cache small msp files instead of cache 1 GB msi patch. I think this may be what you expect.
Thank you for the information…I do see the two new fixlets you mentioned that require manual caching. Question on how to perform this particular fixlet. I understand manual caching but where do I put it? this is what I’m getting in the meantime:
Downloads
File
Status
Details
KB2783850-x86-Agent.msp
Failed
[-]
[+] Download error: “Windows Error 800c0007: No data is available for the requested resource.”
You needs to manually put 4 msp files KB2783850-x64-Agent.msp, KB2783850-x64-ENU-Agent.msp, KB2783850-x86-Agent.msp and KB2783850-x86-ENU-Agent.msp under BES Server. Those files can be found under C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2783850 after installing the downloaded 1gb msi.
Great, this worked out I completed more than 400 updates via this fixlet:
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)
One thing I’m getting hung up on…
I notice the following fixlets:
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required) (x64)
I have three outstanding clients (x64) the were showing
Great, this worked out I completed more than 400 updates via this fixlet:
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)
One thing I’m getting hung up on…
I notice the following fixlets:
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)
MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required) (x64)
I have three outstanding clients (x64) the were showing up on all three fixlets(needed patches) so I installed the 1. fixlet to all three x64 clients…this took out the clients from no. 1 and no.3 fixlet BUT still showing up needed for no.2? I have since removed the SCOM agents altogether and installed several times. I don’t undersand why any x64 clients would show up for no.2 fixlet?
So my issue is that I have 3 clients (x64) that have the MS13-003 patched installed BUT its still showing outstanding for no. 2 fixlet. What can I do to verify why BigFix is telling me that I have three clients (with the fixlet already installed) still outstanding? Out of 400 clients these three clients (x64) will not update and clear from the no. 2 fixlet.
Hi. I was trying to reproduce the described behavior but haven’t succeeded. Do you notice anything special with those 3 machines? Do they have 32bit SCOM Agent or any other SCOM components installed?