January 2013 Security Bulletins - Update 1

(imported topic written by TerryWeiChao)

Content in the Patches for Windows (English) Fixlet Site has been released.

New Fixlet Messages:

Fixlet messages for Microsoft Security Bulletins:

MS13-001

MS13-002 *

MS13-003 *

MS13-004 *

MS13-005

MS13-006

MS13-007 *

  • The noted bulletins are not included in this publishing. Completion of the content is coming.

Reason for Update:

Microsoft has released 7 Security Bulletins for January 2013.

Actions to Take:

None

Published site version:

Patches for Windows (English), version 1701

Additional links:

Microsoft Security Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms13-jan.

Application Engineering Team

Tivoli Endpoint Manager

(imported comment written by Revdigby)

In regards to MS13-003 MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent

This patch is about a gig in size. It shows that any Server that has the SCOM agent is in need of this patch. I spoke to Microsoft and they confirmed this was for only the SCOM manager and NOT a client agent patch. Why would BigFix show all my clients need this patch? Have you gotten any word from others why this patch is over a GIG?

(imported comment written by TerryWeiChao)

We are reviewing this patch and come out some relevance query as below:

For fixlet: 1300302 MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent

Relevance #1:

exists key whose (value “DisplayName” of it as string = “System Center Operations Manager 2007 R2 Agent” AND value “Language” of it as integer = 1033 ) of keys of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products” of native registry

Relevance #2:

(exists file “AdtAgent.exe” whose (version of it < ") of (if (x64 of operating system) then (system x64 folder) else (system folder))) or (((exists file “EventCommon.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthService.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthServiceMessages.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthServicePerformance.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HealthServiceRuntime.dll” whose (version of it < “6.1.7221.110”) of it) or (exists file “HSLockdown.exe” whose (version of it < “6.1.7221.110”) of it)) of folder ((value “InstallDirectory” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Setup” of native registry) as string))

It would be great if you can try replace the relevance with the above ones. Let me know the results and we will modify the content accordingly. Thanks!

(imported comment written by TerryWeiChao)

In Microsoft KB Page, there is one section as below:

Advanced installation instruction to manually update agents

With Cumulative Update 7 for System Center Operations Manager 2007 R2, you can manually update agents without copying the full contents of the package. To deploy updates to an agent, follow these steps:

Install the hotfix utility by using the instructions in the “Advanced installation instructions at a command prompt” section. By default, the files that you must have to update the agent are at the following location:

C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2783850

Copy the appropriate .msp files to a folder of your choice (for example, C:\temp\CU7_Agent) on each computer on which you want to manually update the agent.

Run the following two commands at a command prompt from the folder that contains the update files. This folder is C:\temp\CU7_Agent if you follow the suggestion here. For example (x64 architecture and English language):

msiexec.exe /p “C:\temp\CU7_Agent\KB2783850-x64-Agent.msp” REBOOT=“ReallySuppress”

msiexec.exe /p “C:\temp\CU7_Agent\KB2783850-x64-ENU-Agent.msp” REBOOT=“ReallySuppress”

We are working on two Manual caching fixlets. In this case, customer will need to cache small msp files instead of cache 1 GB msi patch. I think this may be what you expect.

Let me know if you need more on this.

Thanks!

(imported comment written by Revdigby)

Thank you for the information…I do see the two new fixlets you mentioned that require manual caching. Question on how to perform this particular fixlet. I understand manual caching but where do I put it? this is what I’m getting in the meantime:

Downloads

File

Status

Details

KB2783850-x86-Agent.msp

Failed

[-]

[+] Download error: “Windows Error 800c0007: No data is available for the requested resource.”

Download requested on server:

URL: http://download.microsoft.com/MANUAL_BES_CACHING_REQUIRED/KB2783850-x86-Agent.msp

SHA1: 0b558bd67e455812bea6bea8687a9101bcca8750

Size: 0 bytes

Next retry: 10 minutes. Retry now

KB2783850-x86-ENU-Agent.msp

Failed

[-]

[+] Download error: “Windows Error 800c0007: No data is available for the requested resource.”

Download requested on server:

URL: http://download.microsoft.com/MANUAL_BES_CACHING_REQUIRED/KB2783850-x86-ENU-Agent.msp

SHA1: 5cc61f43cfcf6720f18d3780638019dc082eec09

Size: 0 bytes

Next retry: 10 minutes. Retry now

(imported comment written by SystemAdmin)

More information on MANUAL_BES_CACHING_REQUIRED: http://www-01.ibm.com/support/docview.wss?uid=swg21506080

You needs to manually put 4 msp files KB2783850-x64-Agent.msp, KB2783850-x64-ENU-Agent.msp, KB2783850-x86-Agent.msp and KB2783850-x86-ENU-Agent.msp under BES Server. Those files can be found under C:\Program Files (x86)\System Center 2007 R2 Hotfix Utility\KB2783850 after installing the downloaded 1gb msi.

(imported comment written by Revdigby)

Great, this worked out I completed more than 400 updates via this fixlet:

MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)

One thing I’m getting hung up on…

I notice the following fixlets:

  1. MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent

  2. MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)

MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required) (x64)

I have three outstanding clients (x64) the were showing

(imported comment written by Revdigby)

Great, this worked out I completed more than 400 updates via this fixlet:

MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)

One thing I’m getting hung up on…

I notice the following fixlets:

  1. MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent

  2. MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required)

  3. MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege - System Center Operations Manager 2007 R2 Agent (Manual caching required) (x64)

I have three outstanding clients (x64) the were showing up on all three fixlets(needed patches) so I installed the 1. fixlet to all three x64 clients…this took out the clients from no. 1 and no.3 fixlet BUT still showing up needed for no.2? I have since removed the SCOM agents altogether and installed several times. I don’t undersand why any x64 clients would show up for no.2 fixlet?

(imported comment written by Revdigby)

So my issue is that I have 3 clients (x64) that have the MS13-003 patched installed BUT its still showing outstanding for no. 2 fixlet. What can I do to verify why BigFix is telling me that I have three clients (with the fixlet already installed) still outstanding? Out of 400 clients these three clients (x64) will not update and clear from the no. 2 fixlet.

(imported comment written by SystemAdmin)

Hi. I was trying to reproduce the described behavior but haven’t succeeded. Do you notice anything special with those 3 machines? Do they have 32bit SCOM Agent or any other SCOM components installed?